11 matches found
EUVD-2021-10771
Malware in sbrugna...
Bosch Security Systems B426 Conettix Improper Access Control (CVE-2021-23845)
This vulnerability could allow an attacker to hijack a session while a user is logged in to the configuration web page. This vulnerability was discovered by a security researcher in B426 and found during internal product tests in B426-CN/B429-CN and B426-M, and has been fixed already starting from...
Bosch Security Systems B426 Conettix Cleartext Transmission of Sensitive Information (CVE-2021-23846)
When using the HTTP protocol, the user password is transmitted as a cleartext parameter, which an attacker can obtain through a MITM attack. This will be fixed starting from Firmware version 3.11.5, which will be released on the 30th of June, 2021. This plugin only works wit...
CVE-2021-23845
This vulnerability could allow an attacker to hijack a session while a user is logged in to the configuration web page. This vulnerability was discovered by a security researcher in B426 and found during internal product tests in B426-CN/B429-CN and B426-M, and has been fixed already starting from...
CVE-2021-23845
This vulnerability could allow an attacker to hijack a session while a user is logged in to the configuration web page. This vulnerability was discovered by a security researcher in B426 and found during internal product tests in B426-CN/B429-CN and B426-M, and has been fixed already starting from...
Design/Logic Flaw
This vulnerability could allow an attacker to hijack a session while a user is logged in to the configuration web page. This vulnerability was discovered by a security researcher in B426 and found during internal product tests in B426-CN/B429-CN and B426-M, and has been fixed already starting from...
CVE-2021-23845 B426 Web Configuration Authentication Bypass
This vulnerability could allow an attacker to hijack a session while a user is logged in to the configuration web page. This vulnerability was discovered by a security researcher in B426 and found during internal product tests in B426-CN/B429-CN and B426-M, and has been fixed already starting from...
Bosch Multiple Products Access Control Error Vulnerability
Bosch B426 and other products are firmware from Bosch, Germany. An access control error vulnerability exists in multiple Bosch products that stems from the use of hard-coded session tokens in the lgs.cgi module. The vulnerability allows remote attackers to bypass the authentication of the affected Bosch...
Bosch B426 Web Configuration Use of Hard-coded Password Authentication Bypass Vulnerability
This vulnerability allows remote attackers to bypass authentication on affected installations of Bosch B426. Authentication is not required to exploit this vulnerability. The specific flaw exists within the lgs.cgi module. This issue results from the use of a hard-coded session token. An attacker c...
Bosch B426 Web Configuration Credential Information Disclosure Vulnerability
This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Bosch B426. User interaction is required to exploit this vulnerability. The specific flaw exists within the handling of login credentials provided to the login.cgi endpoint. The iss...
Bosch B426 Security Vulnerability
Bosch B426 is firmware from Bosch, Germany. A security vulnerability exists in Bosch B426 that allows network-adjacent attackers to disclose sensitive information about an affected Bosch B426 installation...