Lucene search

[email protected]NVD:CVE-2022-41677

HistoryDec 18, 2023 - 1:15 p.m.

CVE-2022-41677

2023-12-1813:15:06

CWE-284

[email protected]

web.nvd.nist.gov

information disclosure

bosch ip camera

unauthorized access

network settings

cve-2022-41677

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

EPSS

0.001

Percentile

20.5%

JSON

An information disclosure vulnerability was discovered in Bosch IP camera devices allowing an unauthenticated attacker to retrieve information (like capabilities) about the device itself and network settings of the device, disclosing possibly internal network settings if the device is connected to the internet.

Affected configurations

Nvd

Node

boschcpp14Match-

AND

boschcpp14_firmwareRange≤8.80

Node

boschcpp13Match-

AND

boschcpp13_firmwareRange≤8.48

Node

boschcpp7.3Match-

AND

boschcpp7.3_firmwareRange≤7.86

Node

boschcpp7Match-

AND

boschcpp7_firmwareRange≤7.86

Node

boschcpp6Match-

AND

boschcpp6_firmwareRange≤7.86

Node

boschcpp4Match-

AND

boschcpp4_firmwareRange≤7.10

VendorProductVersionCPE
boschcpp14-cpe:2.3:h:bosch:cpp14:-:*:*:*:*:*:*:*
boschcpp14_firmware*cpe:2.3:o:bosch:cpp14_firmware:*:*:*:*:*:*:*:*
boschcpp13-cpe:2.3:h:bosch:cpp13:-:*:*:*:*:*:*:*
boschcpp13_firmware*cpe:2.3:o:bosch:cpp13_firmware:*:*:*:*:*:*:*:*
boschcpp7.3-cpe:2.3:h:bosch:cpp7.3:-:*:*:*:*:*:*:*
boschcpp7.3_firmware*cpe:2.3:o:bosch:cpp7.3_firmware:*:*:*:*:*:*:*:*
boschcpp7-cpe:2.3:h:bosch:cpp7:-:*:*:*:*:*:*:*
boschcpp7_firmware*cpe:2.3:o:bosch:cpp7_firmware:*:*:*:*:*:*:*:*
boschcpp6-cpe:2.3:h:bosch:cpp6:-:*:*:*:*:*:*:*
boschcpp6_firmware*cpe:2.3:o:bosch:cpp6_firmware:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
bosch	cpp14	-	cpe:2.3:h:bosch:cpp14:-:::::::*
bosch	cpp14_firmware	*	cpe:2.3:o:bosch:cpp14_firmware::::::::
bosch	cpp13	-	cpe:2.3:h:bosch:cpp13:-:::::::*
bosch	cpp13_firmware	*	cpe:2.3:o:bosch:cpp13_firmware::::::::
bosch	cpp7.3	-	cpe:2.3:h:bosch:cpp7.3:-:::::::*
bosch	cpp7.3_firmware	*	cpe:2.3:o:bosch:cpp7.3_firmware::::::::
bosch	cpp7	-	cpe:2.3:h:bosch:cpp7:-:::::::*
bosch	cpp7_firmware	*	cpe:2.3:o:bosch:cpp7_firmware::::::::
bosch	cpp6	-	cpe:2.3:h:bosch:cpp6:-:::::::*
bosch	cpp6_firmware	*	cpe:2.3:o:bosch:cpp6_firmware::::::::

Rows per page:

1-10 of 121

References

psirt.bosch.com/security-advisories/bosch-sa-839739-BT.html

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

EPSS

0.001

Percentile

20.5%

JSON

Related for NVD:CVE-2022-41677

cve1 prion1 cvelist1