Sign-up

ID

VAR-201902-0307


CVE

CVE-2019-7729


TITLE

Android for Bosch Smart Camera Vulnerabilities related to authorization, authority, and access control in applications

Trust: 0.8

sources: JVNDB: JVNDB-2019-001939

DESCRIPTION

An issue was discovered in the Bosch Smart Camera App before 1.3.1 for Android. Due to setting of insecure permissions, a malicious app could potentially succeed in retrieving video clips or still images that have been cached for clip sharing. (The Bosch Smart Home App is not affected. iOS Apps are not affected.). The vulnerability stems from the setting of insecure permissions. A local attacker could exploit this vulnerability to retrieve short videos and images that are cached for sharing

Trust: 1.71

sources: NVD: CVE-2019-7729 // JVNDB: JVNDB-2019-001939 // VULHUB: VHN-159164

AFFECTED PRODUCTS

vendor:boschmodel:smart camerascope:ltversion:1.3.1

Trust: 1.0

vendor:robert boschmodel:smart camerascope:ltversion:1.3.1

Trust: 0.8

sources: JVNDB: JVNDB-2019-001939 // NVD: CVE-2019-7729

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-7729
value: LOW

Trust: 1.0

NVD: CVE-2019-7729
value: LOW

Trust: 0.8

CNNVD: CNNVD-201902-827
value: LOW

Trust: 0.6

VULHUB: VHN-159164
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2019-7729
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-159164
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-7729
baseSeverity: LOW
baseScore: 3.3
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 1.4
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-159164 // JVNDB: JVNDB-2019-001939 // CNNVD: CNNVD-201902-827 // NVD: CVE-2019-7729

PROBLEMTYPE DATA

problemtype:CWE-732

Trust: 1.1

problemtype:CWE-264

Trust: 0.8

sources: VULHUB: VHN-159164 // JVNDB: JVNDB-2019-001939 // NVD: CVE-2019-7729

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201902-827

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201902-827

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-001939

PATCH
title:BOSCH-2019-0204url:https://psirt.bosch.com/Advisory/BOSCH-2019-0204.html
Trust: 0.8
title:Robert Bosch Smart Camera App for Android Fixes for permission permissions and access control vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=89615
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2019-001939 // 
            
            
            
            CNNVD: CNNVD-201902-827

EXTERNAL IDS
db:NVDid:CVE-2019-7729
Trust: 2.5
db:JVNDBid:JVNDB-2019-001939
Trust: 0.8
db:CNNVDid:CNNVD-201902-827
Trust: 0.7
db:VULHUBid:VHN-159164
Trust: 0.1
sources:
            
            
            VULHUB: VHN-159164 // 
            
            
            
            JVNDB: JVNDB-2019-001939 // 
            
            
            
            CNNVD: CNNVD-201902-827 // 
            
            
            
            NVD: CVE-2019-7729

REFERENCES
url:https://psirt.bosch.com/advisory/bosch-2019-0204.html
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2019-7729
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-7729
Trust: 0.8
sources:
            
            
            VULHUB: VHN-159164 // 
            
            
            
            JVNDB: JVNDB-2019-001939 // 
            
            
            
            CNNVD: CNNVD-201902-827 // 
            
            
            
            NVD: CVE-2019-7729

SOURCES
db:VULHUBid:VHN-159164
db:JVNDBid:JVNDB-2019-001939
db:CNNVDid:CNNVD-201902-827
db:NVDid:CVE-2019-7729

LAST UPDATE DATE
2024-11-23T22:51:52.095000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-159164date:2020-08-24T00:00:00
db:JVNDBid:JVNDB-2019-001939date:2019-03-29T00:00:00
db:CNNVDid:CNNVD-201902-827date:2020-08-25T00:00:00
db:NVDid:CVE-2019-7729date:2024-11-21T04:48:35.993

SOURCES RELEASE DATE
db:VULHUBid:VHN-159164date:2019-02-22T00:00:00
db:JVNDBid:JVNDB-2019-001939date:2019-03-29T00:00:00
db:CNNVDid:CNNVD-201902-827date:2019-02-22T00:00:00
db:NVDid:CVE-2019-7729date:2019-02-22T13:29:00.387