CVE-2021-23846

Summary

When using http protocol, the user password is transmitted as a clear text parameter for which it is possible to be obtained by an attacker through a MITM attack. This will be fixed starting from Firmware version 3.11.5, which will be released on the 30th of June, 2021.

Affected Software

VendorProductVersion RangeStatus
BoschB426 Firmware03.01.0004affected
BoschB426 Firmware03.02.002affected
BoschB426 Firmware03.05.0003affected
BoschB426 Firmware03.03.0009affected

Weaknesses

  • CWE-319: CWE-319 Cleartext Transmission of Sensitive Information

ADP Enrichment

CVE Program Container

Additional References

References