Missing Authentication for Critical Function in Bosch Video Streaming Gateway

Published

2020-01-29 00:00:00 UTC

Summary

BOSCH-SA-260625-BT: A recently discovered security vulnerability affects the Bosch Video Streaming Gateway (VSG). The vulnerability is exploitable via the network interface. An unauthorized attacker can retrieve and set arbitrary configuration data of the VSG. Bosch rates this vulnerability with a CVSS v3.1 Base Score of 10.0 (Critical) and strongly recommends customers to update vulnerable components with fixed software versions. The vulnerability was discovered during internal security tests.