CVE-2019-11891

A potential incorrect privilege assignment vulnerability exists in the app pairing mechanism of the Bosch Smart Home Controller SHC before 9.8.905 that may result in elevated privileges of the adversary's choosing. In order to exploit the vulnerability, the adversary needs physical access to the...

Privilege escalation

A potential incorrect privilege assignment vulnerability exists in the app pairing mechanism of the Bosch Smart Home Controller SHC before 9.8.905 that may result in elevated privileges of the adversary's choosing. In order to exploit the vulnerability, the adversary needs physical access to the...

CVE-2019-11896

CVE-2019-11896 affects the Bosch Smart Home Controller (SHC) via the 3rd-party pairing mechanism prior to version 9.8.907. The root issue is an incorrect privilege assignment that can allow a restricted app to acquire default app permissions after a successful app pairing, which requires user int...

CVE-2019-11895

The CVE-2019-11895 entry concerns an improper access control vulnerability in the JSON-RPC interface of the Bosch Smart Home Controller (SHC) prior to 9.8.905, which can lead to denial of service affecting the SHC and connected sensors/actuators. Exposure requires the attacker to have already pai...

CVE-2019-11891 Incorrect privilege assignment in the app pairing mechanism of the Bosch Smart Home Controller (SHC)

A potential incorrect privilege assignment vulnerability exists in the app pairing mechanism of the Bosch Smart Home Controller SHC before 9.8.905 that may result in elevated privileges of the adversary's choosing. In order to exploit the vulnerability, the adversary needs physical access to the...

CVE-2019-11891

CVE-2019-11891 affects the Bosch Smart Home Controller (SHC) prior to version 9.8.905, with an incorrect privilege assignment in the app pairing mechanism that can lead to elevated privileges. Exploitation requires physical access to the SHC. The issue is described with a high-severity impact ( c...