Bosch Divar Ip All-in-one 5000
9 CVEs affecting Bosch Divar Ip All-in-one 5000. Latest disclosed: 2023-12-18. Critical: 2, High: 4.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2020-6769 | Critical | 10.0 | 2020-02-07 | Missing Authentication for Critical Function in the Bosch Video Streaming Gateway (VSG) allows an unauthenticated remote attacker to retrieve and set arbitrary… |
CVE-2021-23859 | Critical | 9.1 | 2021-12-08 | An unauthenticated attacker is able to send a special HTTP request, that causes a service to crash. In case of a standalone VRM or BVMS with VRM installation t… |
CVE-2020-6768 | High | 8.6 | 2020-02-07 | A path traversal vulnerability in the Bosch Video Management System (BVMS) NoTouch deployment allows an unauthenticated remote attacker to read arbitrary files… |
CVE-2020-6785 | High | 7.8 | 2021-03-25 | Loading a DLL through an Uncontrolled Search Path Element in Bosch BVMS and BVMS Viewer in versions 10.1.0, 10.0.1, 10.0.0 and 9.0.0 and older potentially allo… |
CVE-2020-6767 | High | 7.7 | 2020-02-06 | A path traversal vulnerability in the Bosch Video Management System (BVMS) FileTransferService allows an authenticated remote attacker to read arbitrary files… |
CVE-2021-23862 | High | 7.2 | 2021-12-08 | A crafted configuration packet sent by an authenticated administrative user can be used to execute arbitrary commands in system context. This issue also affect… |
CVE-2021-23861 | Medium | 6.5 | 2021-12-08 | By executing a special command, an user with administrative rights can get access to extended debug functionality on the VRM allowing an impact on integrity or… |
CVE-2023-35867 | Medium | 5.9 | 2023-12-18 | An improper handling of a malformed API answer packets to API clients in Bosch BT software products can allow an unauthenticated attacker to cause a Denial of… |
CVE-2021-23860 | Medium | 5.0 | 2021-12-08 | An error in a page handler of the VRM may lead to a reflected cross site scripting (XSS) in the web-based interface. To exploit this vulnerability an attack mu… |