Bosch: >> Nexo Special Cordless Nutrunner (0608pe2514) Security Vulnerabilities
The vulnerability allows an unauthenticated remote attacker to read arbitrary files under the context of the application OS user (“root”) via a crafted HTTP request.
CVSS Score
5.3
EPSS Score
0.002
Published
2024-01-10
The vulnerability allows an authenticated remote attacker to upload a malicious file to the SD card containing arbitrary client-side script code and obtain its execution inside a victim’s session via a crafted URL, HTTP request, or simply by waiting for the victim to view the poisoned file.
CVSS Score
5.5
EPSS Score
0.001
Published
2024-01-10
The vulnerability allows an authenticated remote attacker to download arbitrary files in all paths of the system under the context of the application OS user (“root”) via a crafted HTTP request.
CVSS Score
6.5
EPSS Score
0.003
Published
2024-01-10
The vulnerability allows a remote attacker to upload arbitrary files in all paths of the system under the context of the application OS user (“root”) via a crafted HTTP request.
By abusing this vulnerability, it is possible to obtain remote code execution (RCE) with root privileges on the device.
CVSS Score
8.1
EPSS Score
0.021
Published
2024-01-10
The vulnerability allows a remote attacker to inject and execute arbitrary client-side script code inside a victim’s session via a crafted URL or HTTP request.
CVSS Score
5.3
EPSS Score
0.001
Published
2024-01-10
Page 3