CVE-2019-11892: Improper access control in the JSON-RPC interface of the Bosch Smart Home Controller (SHC)
First published: Wed May 29 2019(Updated: )
A potential improper access control vulnerability exists in the JSON-RPC interface of the Bosch Smart Home Controller (SHC) before 9.8.905 that may result in reading or modification of the SHC's configuration or triggering and restoring backups. In order to exploit the vulnerability, the adversary needs to have successfully paired an app or service, which requires user interaction.
Credit: psirt@bosch.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Bosch Smart Home Controller Firmware | <9.8.905 | |
| Bosch Smart Home Controller Firmware |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2019-11892?
CVE-2019-11892 has been classified as a high severity vulnerability.
How do I fix CVE-2019-11892?
To mitigate CVE-2019-11892, update your Bosch Smart Home Controller firmware to version 9.8.905 or later.
What systems are affected by CVE-2019-11892?
CVE-2019-11892 affects Bosch Smart Home Controller firmware versions prior to 9.8.905.
What is the impact of CVE-2019-11892?
CVE-2019-11892 can allow unauthorized reading or modification of the Smart Home Controller's configuration.
Is there a workaround for CVE-2019-11892?
Currently, there are no official workarounds for CVE-2019-11892 besides updating the firmware.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/references
- agent/author
- agent/last-modified-date
- agent/weakness
- agent/title
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/bosch
- canonical/bosch smart home controller firmware