Medium Vulnerability – BOSCH IP Camera
SEVERITY: MEDIUM
Redinent researchers discovered an information disclosure vulnerability in BOSCH IP cameras.
Technical Details: An information disclosure can be triggered in Bosch’s flagship product, the Bosch CCTV Camera, through a specially crafted HTTP request. The vulnerability exists in one of the parameters in a specified GET request triggered by the cameras.
Affected Versions
| Product Name | Affected Versions |
| --- | --- |
| Bosch Camera Firmware on CPP14 | <= 8.80 |
| Bosch Camera Firmware on CPP13 | <= 8.48 |
| Bosch Camera Firmware on CPP7.3 | <= 7.86 |
| Bosch Camera Firmware on CPP7 | <= 7.86 |
| Bosch Camera Firmware on CPP6 | <= 7.86 |
| Bosch Camera Firmware on CPP4 | <= 7.10 |

Bosch has released a version to fix the vulnerability.
BOSCH Advisory: https://psirt.bosch.com/security-advisories/bosch-sa-839739-bt.html
CVE-2022-41677
The coordinated disclosure timeline:
- September 14 2022 – Vulnerability discovered by Redinent researchers
- September 16 2022 – Vulnerability reported by Redinent to CERT India
- November 4 2022 – OEM acknowledged the vulnerability
- June 29 2023 – CVE assigned. OEM releases global advisory