What is the severity of CVE-2021-23847?

CVE-2021-23847 has a severity rating of 9.1 (Critical).

Which devices are affected by CVE-2021-23847?

Devices of the CPP6, CPP7, and CPP7.3 family with firmware versions 7.70, 7.72, and 7.80 are affected.

How can an attacker exploit CVE-2021-23847?

An attacker can exploit CVE-2021-23847 by sending crafted requests to the vulnerable device.

Where can I find more information about CVE-2021-23847?

You can find more information about CVE-2021-23847 in the Bosch Security Advisories at the following link: [https://psirt.bosch.com/security-advisories/bosch-sa-478243-bt.html](https://psirt.bosch.com/security-advisories/bosch-sa-478243-bt.html)

Vulnerability/
CVE-2021-23847

critical

9.8

CWE

306 287

20/5/2021

3/8/2024

CVE-2021-23847: Unauthenticated Information Extraction Vulnerability

Q: What is CVE-2021-23847?

CVE-2021-23847 is a vulnerability in Bosch IP cameras that allows an unauthenticated remote attacker to extract sensitive information or change camera settings.

First published: Thu May 20 2021(Updated: )

A Missing Authentication in Critical Function in Bosch IP cameras allows an unauthenticated remote attacker to extract sensitive information or change settings of the camera by sending crafted requests to the device. Only devices of the CPP6, CPP7 and CPP7.3 family with firmware 7.70, 7.72, and 7.80 prior to B128 are affected by this vulnerability. Versions 7.62 or lower and INTEOX cameras are not affected.

Credit: psirt@bosch.com

Affected Software	Affected Version	How to fix
Bosch Cpp6 Firmware	>=7.80<7.80.0129
Bosch Cpp6 Firmware	=7.70
Bosch Cpp6 Firmware	=7.72
Bosch Cpp6
Bosch Cpp7 Firmware	>=7.80<7.80.0129
Bosch Cpp7 Firmware	=7.70
Bosch Cpp7 Firmware	=7.72
Bosch Cpp7
Bosch Cpp7.3 Firmware	>=7.80<7.80.0129
Bosch Cpp7.3 Firmware	=7.70
Bosch Cpp7.3 Firmware	=7.72
Bosch Cpp7.3

Never miss a vulnerability like this again

Reference Links

https://psirt.bosch.com/security-advisories/bosch-sa-478243-bt.html

Frequently Asked Questions

What is CVE-2021-23847?
CVE-2021-23847 is a vulnerability in Bosch IP cameras that allows an unauthenticated remote attacker to extract sensitive information or change camera settings.
What is the severity of CVE-2021-23847?
CVE-2021-23847 has a severity rating of 9.1 (Critical).
Which devices are affected by CVE-2021-23847?
Devices of the CPP6, CPP7, and CPP7.3 family with firmware versions 7.70, 7.72, and 7.80 are affected.
How can an attacker exploit CVE-2021-23847?
An attacker can exploit CVE-2021-23847 by sending crafted requests to the vulnerable device.
Where can I find more information about CVE-2021-23847?
You can find more information about CVE-2021-23847 in the Bosch Security Advisories at the following link: [https://psirt.bosch.com/security-advisories/bosch-sa-478243-bt.html](https://psirt.bosch.com/security-advisories/bosch-sa-478243-bt.html)

collector/nvd-index
agent/weakness
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/references
agent/severity
agent/title
agent/last-modified-date
agent/author
agent/tags
agent/first-publish-date
agent/event
agent/description
vendor/bosch
canonical/bosch cpp6 firmware
version/bosch cpp6 firmware/7.80
version/bosch cpp6 firmware/7.70
version/bosch cpp6 firmware/7.72
canonical/bosch cpp6
canonical/bosch cpp7 firmware
version/bosch cpp7 firmware/7.80
version/bosch cpp7 firmware/7.70
version/bosch cpp7 firmware/7.72
canonical/bosch cpp7
canonical/bosch cpp7.3 firmware
version/bosch cpp7.3 firmware/7.80
version/bosch cpp7.3 firmware/7.70
version/bosch cpp7.3 firmware/7.72
canonical/bosch cpp7.3

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.