CVE-2021-23845

B426 Web Configuration Authentication Bypass

CVSS 8 HIGHEPSS 0.8%CWE-284

This vulnerability could allow an attacker to hijack a session while a user is logged in the configuration web page. This vulnerability was discovered by a security researcher in B426 and found during internal product tests in B426-CN/B429-CN, and B426-M and has been fixed already starting from version 3.08 on, which was released on June 2019.

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Productos afectados

Bosch · B426-CN/B429- CN Firmware Bosch · B426 Firmware Bosch · B426-M Firmware

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://psirt.bosch.com/security-advisories/bosch-sa-196933-bt.html