CVE-2021-23848 - Bosch Cpp7 Firmware, Bosch Cpp4 Firmware and Bosch Cpp13 Firmware

June 9, 2021

Moderate 6.1

An error in the URL handler Bosch IP cameras may lead to a reflected cross site scripting (XSS) in the web-based interface. An attacker with knowledge of the camera address can send a crafted link to a user, which will execute javascript code in the context of the user.

Affected software

Bosch Cpp7 Firmware

Bosch Cpp4 Firmware

Bosch Cpp13 Firmware

Bosch Cpp6 Firmware

Bosch Cpp7.3 Firmware

Reference links

https://psirt.bosch.com/security-advisories/bosch-sa-478243-bt.html

CVE-2021-23848 - Bosch Cpp7 Firmware, Bosch Cpp4 Firmware and Bosch Cpp13 Firmware

Affected software

Reference links

Get alerted to vulnerabilities in your software