CVE-2015-6970

CRITICAL

Bosch Security Systems NBN-498 Dinion2X - XML Injection

Title source: llm

Description

The web interface in Bosch Security Systems NBN-498 Dinion2X Day/Night IP Cameras with H.264 Firmware 4.54.0026 allows remote attackers to conduct XML injection attacks via the idstring parameter to rcp.xml.

Exploits (1)

exploitdb WORKING POC

by neom22 · textwebappshardware

https://www.exploit-db.com/exploits/38369

View Code ZIP pw:eip

References (1)

[Exploit, Third Party Advisory, VDB Entry] https://www.exploit-db.com/exploits/38369/

Scores

CVSS v3 9.8

EPSS 0.0943

EPSS Percentile 92.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-91

Status published

Products (1)

boschsecurity/nbn-498_dinion2x_day\/night_ip_cameras_firmware 4.54.0026

Published Feb 18, 2020

Tracked Since Feb 18, 2026