Vulnerability Details CVE-2019-11894
A potential improper access control vulnerability exists in the backup mechanism of the Bosch Smart Home Controller (SHC) before 9.8.905 that may result in unauthorized download of a backup. In order to exploit the vulnerability, the adversary needs to download the backup directly after a backup triggered by a legitimate user has been completed.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 26.1%
CVSS Severity
CVSS v3 Score 5.7
CVSS v2 Score 2.9
References
Products affected by CVE-2019-11894
-
cpe:2.3:h:bosch:smart_home_controller:-
-
cpe:2.3:o:bosch:smart_home_controller_firmware:-