Vulnerability Details CVE-2021-23849
A vulnerability in the web-based interface allows an unauthenticated remote attacker to trigger actions on an affected system on behalf of another user (CSRF, Cross-Site Request Forgery). This requires the victim to be tricked into clicking a malicious link or opening a malicious website while logged in to the camera.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 40.4%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 6.8
Products affected by CVE-2021-23849
- cpe:2.3:h:bosch:aviotec:-
- cpe:2.3:o:bosch:aviotec_firmware:7.61
- cpe:2.3:o:bosch:aviotec_firmware:7.72
- cpe:2.3:o:bosch:cpp13_firmware:7.75
- cpe:2.3:o:bosch:cpp14_firmware:8.00
- cpe:2.3:o:bosch:cpp4_firmware:7.10
- cpe:2.3:o:bosch:cpp6_firmware:7.60
- cpe:2.3:o:bosch:cpp6_firmware:7.61
- cpe:2.3:o:bosch:cpp6_firmware:7.70
- cpe:2.3:o:bosch:cpp6_firmware:7.80
- cpe:2.3:o:bosch:cpp7.3_firmware:7.60
- cpe:2.3:o:bosch:cpp7.3_firmware:7.61
- cpe:2.3:o:bosch:cpp7.3_firmware:7.62
- cpe:2.3:o:bosch:cpp7.3_firmware:7.70
- cpe:2.3:o:bosch:cpp7.3_firmware:7.72
- cpe:2.3:o:bosch:cpp7.3_firmware:7.73
- cpe:2.3:o:bosch:cpp7.3_firmware:7.80
- cpe:2.3:o:bosch:cpp7_firmware:7.60
- cpe:2.3:o:bosch:cpp7_firmware:7.61
- cpe:2.3:o:bosch:cpp7_firmware:7.70
- cpe:2.3:o:bosch:cpp7_firmware:7.72
- cpe:2.3:o:bosch:cpp7_firmware:7.80