CVE-2022-41677

CVE-2022-41677 affects Bosch IP camera devices. Concrete affected models/versions surfaced in external sources: Bosch CPP14 (firmware ≤ 8.80), CPP13 (≤ 8.48), CPP7.3 (≤ 7.86), and others. The issue is an information-disclosure vulnerability allowing an unauthenticated attacker to retrieve device ...

CVE-2021-23849

CVE-2021-23849 concerns Bosch IP cameras with a web-based management interface. The vulnerability is CSRF: an unauthenticated attacker can induce actions on behalf of a logged-in user by convincing them to click a malicious link or visit a malicious site, while the victim is authenticated to the ...

CVE-2021-23852

CVE-2021-23852 concerns Bosch IP cameras. An authenticated administrator could call a URL with an invalid parameter, causing the camera to become unresponsive for a few seconds and trigger DoS. The vulnerability is documented across multiple sources (NVD entry, CNVD, CVE listing). No exploitation...

CVE-2021-23853

CVE-2021-23853 affects Bosch IP cameras, where improper validation of HTTP headers in crafted URLs allows an attacker to inject arbitrary headers. The vulnerability is documented across multiple feeds (NVD entry and vendor ecosystem). Reported impact includes high confidentiality, integrity, and ...

CVE-2021-23848

CVE-2021-23848 describes a reflected XSS against the Bosch IP cameras web UI. The issue arises from the URL handling in the camera’s web interface, where an attacker who knows the camera address can send a crafted link that causes the victim’s browser to execute JavaScript in the user’s context. ...