CVE-2021-23851
MEDIUM
Bosch Autodome IP 4000i Firmware - Buffer Overflow
A specially crafted TCP/IP packet may cause the camera recovery image web interface to crash. It may also cause a buffer overflow which could enable remote code execution. The recovery image can only be booted with administrative rights or with physical access to the camera and allows the upload of a new firmware in case of a damaged firmware.
References (2)
Core References
Not Applicable, Vendor Advisory x_refsource_confirm
https://psirt.bosch.com/security-advisories/bosch-sa-478243-bt.html
Scores
CVSS v3: 6.8
EPSS: 0.0024
EPSS Percentile: 46.4%
Attack Vector: PHYSICAL
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE: CWE-121, CWE-120
Status: published
Products (50)
bosch/autodome_7000_firmware: cpp4
bosch/autodome_ip_4000_hd_firmware: cpp4
bosch/autodome_ip_4000i_firmware: cpp7.3
bosch/autodome_ip_5000_hd_firmware: cpp4
bosch/autodome_ip_5000_ir_firmware: cpp4
bosch/autodome_ip_5000i_firmware: cpp7.3
bosch/autodome_ip_starlight_5000i_firmware: cpp7.3
bosch/autodome_ip_starlight_7000i_firmware: cpp7.3
bosch/aviotec_ip_starlight_8000_firmware: cpp6
bosch/dinion_hd_1080p_firmware: cpp4
... and 40 more
Published: Mar 30, 2022
Tracked Since: Feb 18, 2026