ID

VAR-202106-1408


CVE

CVE-2021-23848


TITLE

Cross-site scripting vulnerability in Bosch IP cameras

Trust: 0.8

sources: JVNDB: JVNDB-2021-007993

DESCRIPTION

An error in the URL handler of Bosch IP cameras may lead to a reflected cross-site scripting (XSS) in the web-based interface. An attacker with knowledge of the camera address can send a crafted link to a user, which will execute JavaScript code in the context of the user. There is a cross-site scripting vulnerability in Bosch IP cameras. Information may be obtained and information may be tampered with. Bosch IP cameras are German network camera equipment. Attackers can use this vulnerability to inject malicious scripts or HTML code. When malicious data is viewed, they can obtain sensitive information or hijack user sessions. Pillow is a Python-based image processing library. There is currently no information about this vulnerability; please feel free to follow CNNVD or manufacturer announcements.

Trust: 2.79

sources: NVD: CVE-2021-23848 // JVNDB: JVNDB-2021-007993 // CNVD: CNVD-2021-53971 // CNNVD: CNNVD-202104-975 // VULMON: CVE-2021-23848

IOT TAXONOMY

category: ['IoT'], sub_category: -

Trust: 0.6

category: ['camera device'], sub_category: IP camera

Trust: 0.1

sources: OTHER: None // CNVD: CNVD-2021-53971

AFFECTED PRODUCTS

vendor: bosch, model: cpp7, scope: eq, version: -

Trust: 1.0

vendor: bosch, model: cpp6, scope: eq, version: -

Trust: 1.0

vendor: bosch, model: cpp13, scope: eq, version: -

Trust: 1.0

vendor: bosch, model: cpp7.3, scope: eq, version: -

Trust: 1.0

vendor: bosch, model: cpp4, scope: eq, version: -

Trust: 1.0

vendor: robert bosch, model: cpp4, scope: -, version: -

Trust: 0.8

vendor: robert bosch, model: cpp7.3, scope: -, version: -

Trust: 0.8

vendor: robert bosch, model: cpp13, scope: -, version: -

Trust: 0.8

vendor: robert bosch, model: cpp6, scope: -, version: -

Trust: 0.8

vendor: robert bosch, model: cpp7, scope: -, version: -

Trust: 0.8

vendor: bosch, model: ip cameras, scope: -, version: -

Trust: 0.6

sources: CNVD: CNVD-2021-53971 // JVNDB: JVNDB-2021-007993 // NVD: CVE-2021-23848

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-23848
value: MEDIUM

Trust: 1.0

psirt@bosch.com: CVE-2021-23848
value: HIGH

Trust: 1.0

NVD: CVE-2021-23848
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2021-53971
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202104-975
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202106-739
value: MEDIUM

Trust: 0.6

VULMON: CVE-2021-23848
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-23848
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2021-53971
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2021-23848
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.7
version: 3.1

Trust: 1.0

psirt@bosch.com: CVE-2021-23848
baseSeverity: HIGH
baseScore: 8.3
vectorString: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.6
impactScore: 6.0
version: 3.1

Trust: 1.0

NVD: CVE-2021-23848
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2021-53971 // VULMON: CVE-2021-23848 // JVNDB: JVNDB-2021-007993 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202106-739 // NVD: CVE-2021-23848 // NVD: CVE-2021-23848

PROBLEMTYPE DATA

problemtype: CWE-79

Trust: 1.0

problemtype: Cross-site scripting (CWE-79) [NVD Evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2021-007993 // NVD: CVE-2021-23848

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202106-739

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

PATCH

title: BOSCH-SA-478243-BT, url: https://psirt.bosch.com/security-advisories/bosch-sa-478243-bt.html

Trust: 0.8

title: Patch for Bosch IP cameras cross-site scripting vulnerability (CNVD-2021-53971), url: https://www.cnvd.org.cn/patchInfo/show/280721

Trust: 0.6

title: Bosch IP cameras Fixes for cross-site scripting vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=154906

Trust: 0.6

title: CVE-2021-23848, url: https://github.com/PwnCast/CVE-2021-23848

Trust: 0.1

sources: CNVD: CNVD-2021-53971 // VULMON: CVE-2021-23848 // JVNDB: JVNDB-2021-007993 // CNNVD: CNNVD-202106-739

EXTERNAL IDS

db: NVD, id: CVE-2021-23848

Trust: 4.0

db: JVNDB, id: JVNDB-2021-007993

Trust: 0.8

db: CNVD, id: CNVD-2021-53971

Trust: 0.6

db: CS-HELP, id: SB2021041363

Trust: 0.6

db: CNNVD, id: CNNVD-202104-975

Trust: 0.6

db: CS-HELP, id: SB2021070713

Trust: 0.6

db: CNNVD, id: CNNVD-202106-739

Trust: 0.6

db: OTHER, id: NONE

Trust: 0.1

db: VULMON, id: CVE-2021-23848

Trust: 0.1

sources: OTHER: None // CNVD: CNVD-2021-53971 // VULMON: CVE-2021-23848 // JVNDB: JVNDB-2021-007993 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202106-739 // NVD: CVE-2021-23848

REFERENCES

url: https://psirt.bosch.com/security-advisories/bosch-sa-478243-bt.html

Trust: 2.3

url: https://nvd.nist.gov/vuln/detail/cve-2021-23848

Trust: 0.8

url: https://www.cybersecurity-help.cz/vdb/sb2021041363

Trust: 0.6

url: https://www.cybersecurity-help.cz/vdb/sb2021070713

Trust: 0.6

url: https://ieeexplore.ieee.org/abstract/document/10769424

Trust: 0.1

url: https://cwe.mitre.org/data/definitions/79.html

Trust: 0.1

url: https://github.com/pwncast/cve-2021-23848

Trust: 0.1

url: https://nvd.nist.gov

Trust: 0.1

sources: OTHER: None // CNVD: CNVD-2021-53971 // VULMON: CVE-2021-23848 // JVNDB: JVNDB-2021-007993 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202106-739 // NVD: CVE-2021-23848

SOURCES

db: OTHER, id: -
db: CNVD, id: CNVD-2021-53971
db: VULMON, id: CVE-2021-23848
db: JVNDB, id: JVNDB-2021-007993
db: CNNVD, id: CNNVD-202104-975
db: CNNVD, id: CNNVD-202106-739
db: NVD, id: CVE-2021-23848

LAST UPDATE DATE

2025-01-30T22:13:21.283000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2021-53971, date: 2021-07-23T00:00:00
db: VULMON, id: CVE-2021-23848, date: 2021-06-17T00:00:00
db: JVNDB, id: JVNDB-2021-007993, date: 2022-03-01T08:32:00
db: CNNVD, id: CNNVD-202104-975, date: 2021-04-14T00:00:00
db: CNNVD, id: CNNVD-202106-739, date: 2021-07-08T00:00:00
db: NVD, id: CVE-2021-23848, date: 2021-06-17T19:32:47.260

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2021-53971, date: 2021-07-23T00:00:00
db: VULMON, id: CVE-2021-23848, date: 2021-06-09T00:00:00
db: JVNDB, id: JVNDB-2021-007993, date: 2022-03-01T00:00:00
db: CNNVD, id: CNNVD-202104-975, date: 2021-04-13T00:00:00
db: CNNVD, id: CNNVD-202106-739, date: 2021-06-09T00:00:00
db: NVD, id: CVE-2021-23848, date: 2021-06-09T15:15:08.250