CVE-2021-23845
8
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Summary
This vulnerability could allow an attacker to hijack a session while a user is logged in the configuration web page. This vulnerability was discovered by a security researcher in B426 and found during internal product tests in B426-CN/B429-CN, and B426-M and has been fixed already starting from version 3.08 on, which was released on June 2019.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Bosch | B426 Firmware | unspecified < 03.08 | affected |
| Bosch | B426-CN/B429- CN Firmware | unspecified < 03.08 | affected |
| Bosch | B426-M Firmware | unspecified < 03.10 | affected |
Weaknesses
- CWE-284: CWE-284 Improper Access Control
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.