CVE-2021-23847
CRITICAL
Bosch CPP6, CPP7, CPP7.3 <7.80 B128 - Unauthenticated Info Exposure & Settings Modification
Title source: llm
Description
A Missing Authentication in Critical Function in Bosch IP cameras allows an unauthenticated remote attacker to extract sensitive information or change settings of the camera by sending crafted requests to the device. Only devices of the CPP6, CPP7 and CPP7.3 family with firmware 7.70, 7.72, and 7.80 prior to B128 are affected by this vulnerability. Versions 7.62 or lower and INTEOX cameras are not affected.
References (1)
Core References
Vendor Advisory x_refsource_confirm
https://psirt.bosch.com/security-advisories/bosch-sa-478243-bt.html
Scores
CVSS v3
9.8
EPSS
0.0143
EPSS Percentile
69.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-287
CWE-306
Status
published
Products (9)
bosch/cpp6_firmware: 7.70
bosch/cpp6_firmware: 7.72
bosch/cpp6_firmware: 7.80 - 7.80.0129
bosch/cpp7.3_firmware: 7.70
bosch/cpp7.3_firmware: 7.72
bosch/cpp7.3_firmware: 7.80 - 7.80.0129
bosch/cpp7_firmware: 7.70
bosch/cpp7_firmware: 7.72
bosch/cpp7_firmware: 7.80 - 7.80.0129
Published
Jun 09, 2021
Tracked Since
Feb 18, 2026