CVE-2021-23853

In Bosch IP cameras, improper validation of the HTTP header allows an attacker to inject arbitrary HTTP headers through crafted URLs.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:bosch:cpp4_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:bosch:cpp4:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:bosch:cpp6_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:bosch:cpp6:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:bosch:cpp7_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:bosch:cpp7:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:bosch:cpp7.3_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:bosch:cpp7.3:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:bosch:cpp13_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:bosch:cpp13:-:*:*:*:*:*:*:*

History

21 Nov 2024, 05:51

Type Values Removed Values Added
CVSS v2 : 7.5
v3 : 9.8
v2 : 7.5
v3 : 8.3
References () https://psirt.bosch.com/security-advisories/bosch-sa-478243-bt.html - Vendor Advisory () https://psirt.bosch.com/security-advisories/bosch-sa-478243-bt.html - Vendor Advisory

Information

Published : 2021-06-09 15:15

Updated : 2024-11-21 05:51


NVD link : CVE-2021-23853

Mitre link : CVE-2021-23853

CVE.ORG link : CVE-2021-23853


JSON object : View

Products Affected

bosch

  • cpp13_firmware
  • cpp4_firmware
  • cpp6_firmware
  • cpp7
  • cpp7.3_firmware
  • cpp7_firmware
  • cpp13
  • cpp7.3
  • cpp6
  • cpp4
CWE
CWE-20

Improper Input Validation