CVE-2021-23849

HIGH

Bosch CPP4, CPP6, CPP7, CPP7.3, CPP13, CPP14, and Aviotec Firmware - Unauthenticated Cross-Site Request Forgery

Description

A vulnerability in the web-based interface allows an unauthenticated remote attacker to trigger actions on an affected system on behalf of another user (CSRF - Cross-Site Request Forgery). This requires the victim to be tricked into clicking a malicious link or opening a malicious website while logged in to the camera.

Scores

CVSS v3 7.5
EPSS 0.0048
EPSS Percentile 38.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE CWE-352
Status published
Products (21)
bosch/aviotec_firmware 7.61
bosch/aviotec_firmware 7.72
bosch/cpp13_firmware 7.75
bosch/cpp14_firmware 8.00
bosch/cpp4_firmware 7.10
bosch/cpp6_firmware 7.60
bosch/cpp6_firmware 7.61
bosch/cpp6_firmware 7.70
bosch/cpp6_firmware 7.80
bosch/cpp7.3_firmware 7.60
... and 11 more
Published Aug 05, 2021
Tracked Since Feb 18, 2026