CVE-2021-23849
HIGH
Bosch CPP4, CPP6, CPP7, CPP7.3, CPP13, CPP14, and Aviotec Firmware - Unauthenticated Cross-Site Request Forgery
Title source: llm
Description
A vulnerability in the web-based interface allows an unauthenticated remote attacker to trigger actions on an affected system on behalf of another user (CSRF - Cross-Site Request Forgery). This requires the victim to be tricked into clicking a malicious link or opening a malicious website while logged in to the camera.
References (1)
Core References
Vendor Advisory x_refsource_confirm
https://psirt.bosch.com/security-advisories/bosch-sa-033305-bt.html
Scores
CVSS v3: 7.5
EPSS: 0.0048
EPSS Percentile: 38.2%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE: CWE-352
Status: published
Products (21)
bosch/aviotec_firmware 7.61
bosch/aviotec_firmware 7.72
bosch/cpp13_firmware 7.75
bosch/cpp14_firmware 8.00
bosch/cpp4_firmware 7.10
bosch/cpp6_firmware 7.60
bosch/cpp6_firmware 7.61
bosch/cpp6_firmware 7.70
bosch/cpp6_firmware 7.80
bosch/cpp7.3_firmware 7.60
... and 11 more
Published: Aug 05, 2021
Tracked Since: Feb 18, 2026