CVE-2021-23862
7.2
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
A crafted configuration packet sent by an authenticated administrative user can be used to execute arbitrary commands in system context. This issue also affects installations of the VRM, DIVAR IP, BVMS with VRM installed, the VIDEOJET decoder (VJD-7513 and VJD-8000).
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Bosch | BVMS | unspecified <= 9.0.0 | affected |
| Bosch | BVMS | 11.0 < 11.0.0 | affected |
| Bosch | BVMS | 10.0 < 10.0.2 | affected |
| Bosch | BVMS | 10.1 < 10.1.1 | affected |
| Bosch | DIVAR IP 7000 R2 | all | affected |
| Bosch | DIVAR IP all-in-one 5000 | all | affected |
| Bosch | DIVAR IP all-in-one 7000 | all | affected |
| Bosch | VRM | unspecified <= 3.81 | affected |
| Bosch | VRM | 4.0 <= 4.00.0070 | affected |
| Bosch | VRM | 3.83 <= 3.83.0021 | affected |
| Bosch | VRM | 3.82 <= 3.82.0057 | affected |
| Bosch | VJD-8000 | unspecified <= 10.01.0036 | affected |
| Bosch | VJD-7513 | unspecified <= 10.22.0038 | affected |
Weaknesses
- CWE-20: CWE-20 Improper Input Validation
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.