CVE-2021-23845

Summary

This vulnerability could allow an attacker to hijack a session while a user is logged in the configuration web page. This vulnerability was discovered by a security researcher in B426 and found during internal product tests in B426-CN/B429-CN, and B426-M and has been fixed already starting from version 3.08 on, which was released on June 2019.

Affected Software

VendorProductVersion RangeStatus
BoschB426 Firmwareunspecified < 03.08affected
BoschB426-CN/B429- CN Firmwareunspecified < 03.08affected
BoschB426-M Firmwareunspecified < 03.10affected

Weaknesses

  • CWE-284: CWE-284 Improper Access Control

ADP Enrichment

CVE Program Container

Additional References

References