CVE-2022-41677

Summary

An information disclosure vulnerability was discovered in Bosch IP camera devices allowing an unauthenticated attacker to retrieve information (like capabilities) about the device itself and network settings of the device, disclosing possibly internal network settings if the device is connected to the internet.

Affected Software

VendorProductVersion RangeStatus
BoschCamera Firmware0 <= 8.80affected
BoschCamera Firmware0 <= 8.48affected
BoschCamera Firmware0 <= 7.86affected
BoschCamera Firmware0 <= 7.86affected
BoschCamera Firmware0 <= 7.86affected
BoschCamera Firmware0 <= 7.10affected

Weaknesses

  • CWE-284: CWE-284 Improper Access Control

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References