Authentication flaw

2021-06-0915:15:00

PRIOn knowledge base

www.prio-n.com

9 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

70.2%

JSON

A Missing Authentication in Critical Function in Bosch IP cameras allows an unauthenticated remote attacker to extract sensitive information or change settings of the camera by sending crafted requests to the device. Only devices of the CPP6, CPP7 and CPP7.3 family with firmware 7.70, 7.72, and 7.80 prior to B128 are affected by this vulnerability. Versions 7.62 or lower and INTEOX cameras are not affected.

CPENameOperatorVersion
cpp6_firmwarege7.80
cpp6_firmwarelt7.80.0129
cpp6_firmwareeq7.70
cpp6_firmwareeq7.72
cpp7.3_firmwarege7.80
cpp7.3_firmwarelt7.80.0129
cpp7.3_firmwareeq7.70
cpp7.3_firmwareeq7.72
cpp7_firmwarege7.80
cpp7_firmwarelt7.80.0129

Name	Operator	Version
cpp6_firmware	ge	7.80
cpp6_firmware	lt	7.80.0129
cpp6_firmware	eq	7.70
cpp6_firmware	eq	7.72
cpp7.3_firmware	ge	7.80
cpp7.3_firmware	lt	7.80.0129
cpp7.3_firmware	eq	7.70
cpp7.3_firmware	eq	7.72
cpp7_firmware	ge	7.80
cpp7_firmware	lt	7.80.0129