Vulnerability Details CVE-2021-23845
This vulnerability could allow an attacker to hijack a session while a user is logged in to the configuration web page. It was discovered by a security researcher in the B426 and found during internal product tests in the B426-CN/B429-CN and B426-M. It has been fixed starting with version 3.08, which was released in June 2019.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 51.6%
CVSS Severity
CVSS v3 Score 8.0
CVSS v2 Score 6.8
Products affected by CVE-2021-23845
- cpe:2.3:h:bosch:b426-cn:-
- cpe:2.3:h:bosch:b429-cn:-
- cpe:2.3:o:bosch:b426-cn_firmware:-
- cpe:2.3:o:bosch:b426-m_firmware:-
- cpe:2.3:o:bosch:b426_firmware:-
- cpe:2.3:o:bosch:b426_firmware:03.01.0004
- cpe:2.3:o:bosch:b426_firmware:03.02.002
- cpe:2.3:o:bosch:b426_firmware:03.03.0009
- cpe:2.3:o:bosch:b426_firmware:03.05.0003
- cpe:2.3:o:bosch:b429-cn_firmware:-