CVE-2021-23847

A Missing Authentication in Critical Function in Bosch IP cameras allows an unauthenticated remote attacker to extract sensitive information or change settings of the camera by sending crafted requests to the device. Only devices of the CPP6, CPP7 and CPP7.3 family with firmware 7.70, 7.72, and...

CVE-2021-23847

Summary: CVE-2021-23847 describes an unauthenticated information-extraction/settings-change flaw in Bosch IP cameras (CPP6, CPP7, CPP7.3) before firmware B128, on versions 7.70, 7.72, and 7.80. The root cause is a Missing Authentication in a Critical Function, allowing a remote attacker to craft ...

CVE-2021-23847 Unauthenticated Information Extraction Vulnerability

A Missing Authentication in Critical Function in Bosch IP cameras allows an unauthenticated remote attacker to extract sensitive information or change settings of the camera by sending crafted requests to the device. Only devices of the CPP6, CPP7 and CPP7.3 family with firmware 7.70, 7.72, and...

Vulnerability fixed in Drupal

Drupal has fixed a vulnerability in the Form API of the Drupal Core. The vulnerability allows a remote malicious party to able to perform a Cross-Site Request Forgery attack XSRF. A successful attack could thereby lead to consequential damage such as the obtaining sensitive data from a domain to...