high
7.2
CWE
120 121 119
Advisory Published
Updated

CVE-2021-23850: Buffer Overflow vulnerability in the recovery image telnet server

First published: Wed Mar 30 2022(Updated: )

A specially crafted TCP/IP packet may cause a camera recovery image telnet interface to crash. It may also cause a buffer overflow which could enable remote code execution. The recovery image can only be booted with administrative rights or with physical access to the camera and allows the upload of a new firmware in case of a damaged firmware.

Credit: psirt@bosch.com

Affected SoftwareAffected VersionHow to fix
Bosch Autodome Ip 4000i Firmware=cpp7.3
Bosch Autodome Ip 4000i
Bosch Autodome Ip 5000i Firmware=cpp7.3
Bosch Autodome Ip 5000i
Bosch Autodome Ip Starlight 5000i Firmware=cpp7.3
Bosch Autodome Ip Starlight 5000i
Bosch Autodome Ip Starlight 7000i Firmware=cpp7.3
Bosch Autodome Ip Starlight 7000i
Bosch Dinion Ip 3000i Firmware=cpp7.3
Bosch Dinion Ip 3000i
Bosch Dinion Ip Bullet 4000i Firmware=cpp7.3
Bosch Dinion Ip Bullet 4000i
Bosch Dinion Ip Bullet 5000 Firmware=cpp7.3
Bosch Dinion Ip Bullet 5000
Bosch Dinion Ip Bullet 5000i Firmware=cpp7.3
Bosch Dinion Ip Bullet 5000i
Bosch Dinion Ip Bullet 6000i Firmware=cpp7.3
Bosch Dinion Ip Bullet 6000i
Bosch Flexidome Ip 3000i Firmware=cpp7.3
Bosch Flexidome Ip 3000i
Bosch Flexidome Ip 4000i Firmware=cpp7.3
Bosch Flexidome Ip 4000i
Bosch Flexidome Ip 5000i Firmware=cpp7.3
Bosch Flexidome Ip 5000i
Bosch Flexidome Ip Starlight 5000i Firmware=cpp7.3
Bosch Flexidome Ip Starlight 5000i
Bosch Flexidome Ip Starlight 8000i Firmware=cpp7.3
Bosch Flexidome Ip Starlight 8000i
Bosch Mic Ip Starlight 7000i Firmware=cpp7.3
Bosch Mic Ip Starlight 7000i
Bosch Mic Ip Starlight 7100i Firmware=cpp7.3
Bosch Mic Ip Starlight 7100i
Bosch Mic Ip Ultra 7100i Firmware=cpp7.3
Bosch Mic Ip Ultra 7100i
Bosch Mic Ip Fusion 9000i Firmware=cpp7.3
Bosch Mic Ip Fusion 9000i
Bosch Dinion Ip Starlight 6000 Firmware=cpp7
Bosch Dinion Ip Starlight 6000
Bosch Dinion Ip Starlight 7000 Firmware=cpp7
Bosch Dinion Ip Starlight 7000
Bosch Dinion Ip Thermal 8000 Firmware=cpp7
Bosch Dinion Ip Thermal 8000
Bosch Flexidome Ip Starlight 6000 Firmware=cpp7
Bosch Flexidome Ip Starlight 6000
Bosch Flexidome Ip Starlight 7000 Firmware=cpp7
Bosch Flexidome Ip Starlight 7000
Bosch Dinion Ip Thermal 9000 Rm Firmware=cpp7
Bosch Dinion Ip Thermal 9000 Rm
Bosch Aviotec Ip Starlight 8000 Firmware=cpp6
Bosch Aviotec Ip Starlight 8000
Bosch Dinion Ip Starlight 8000 Firmware=cpp6
Bosch Dinion Ip Starlight 8000
Bosch Dinion Ip Ultra 8000 Firmware=cpp6
Bosch Dinion Ip Ultra 8000
Bosch Flexidome Ip Panoramic 6000 Firmware=cpp6
Bosch Flexidome Ip Panoramic 6000
Bosch Flexidome Ip Panoramic 7000 Firmware=cpp6
Bosch Flexidome Ip Panoramic 7000
Bosch Autodome Ip 4000 Hd Firmware=cpp4
Bosch Autodome Ip 4000 Hd
Bosch Autodome Ip 5000 Hd Firmware=cpp4
Bosch Autodome Ip 5000 Hd
Bosch Autodome Ip 5000 Ir Firmware=cpp4
Bosch Autodome Ip 5000 Ir
Bosch Autodome 7000 Firmware=cpp4
Bosch Autodome 7000
Bosch Dinion Hd 1080p Firmware=cpp4
Bosch Dinion Hd 1080p
Bosch Dinion Hd 1080p Hdr Firmware=cpp4
Bosch Dinion Hd 1080p Hdr
Bosch Dinion Hd 720p Firmware=cpp4
Bosch Dinion Hd 720p
Bosch Dinion Imager 9000 Hd Firmware=cpp4
Bosch Dinion Imager 9000 Hd
Bosch Dinion Ip Bullet 4000 Firmware=cpp4
Bosch Dinion Ip Bullet 4000
Bosch Dinion Ip Bullet 5000 Firmware=cpp4
Bosch Dinion Ip 4000 Hd Firmware=cpp4
Bosch Dinion Ip 4000 Hd
Bosch Dinion Ip 5000 Hd Firmware=cpp4
Bosch Dinion Ip 5000 Hd
Bosch Dinion Ip 5000 Mp Firmware=cpp4
Bosch Dinion Ip 5000 Mp
Bosch Dinion Ip Starlight 7000 Hd Firmware=cpp4
Bosch Dinion Ip Starlight 7000 Hd
Bosch Flexidome Corner 9000 Mp Firmware=cpp4
Bosch Flexidome Corner 9000 Mp
Bosch Flexidome Hd 1080p Firmware=cpp4
Bosch Flexidome Hd 1080p
Bosch Flexidome Hd 1080p Hdr Firmware=cpp4
Bosch Flexidome Hd 1080p Hdr
Bosch Flexidome Hd 720p Firmware=cpp4
Bosch Flexidome Hd 720p
Bosch Vandal-proof Flexidome Hd 1080p Firmware=cpp4
Bosch Vandal-proof Flexidome Hd 1080p
Bosch Vandal-proof Flexidome Hd 1080p Hdr Firmware=cpp4
Bosch Vandal-proof Flexidome Hd 1080p Hdr
Bosch Vandal-proof Flexidome Hd 720p Firmware=cpp4
Bosch Vandal-proof Flexidome Hd 720p
Bosch Flexidome Ip Micro 2000 Hd Firmware=cpp4
Bosch Flexidome Ip Micro 2000 Hd
Bosch Flexidome Ip Micro 2000 Ip Firmware=cpp4
Bosch Flexidome Ip Micro 2000 Ip
Bosch Flexidome Ip Indoor 4000 Hd Firmware=cpp4
Bosch Flexidome Ip Indoor 4000 Hd
Bosch Flexidome Ip Indoor 4000 Ir Firmware=cpp4
Bosch Flexidome Ip Indoor 4000 Ir
Bosch Flexidome Ip Outdoor 4000 Hd Firmware=cpp4
Bosch Flexidome Ip Outdoor 4000 Hd
Bosch Flexidome Ip Outdoor 4000 Ir Firmware=cpp4
Bosch Flexidome Ip Outdoor 4000 Ir
Bosch Flexidome Ip Indoor 5000 Hd Firmware=cpp4
Bosch Flexidome Ip Indoor 5000 Hd
Bosch Flexidome Ip Indoor 5000 Mp Firmware=cpp4
Bosch Flexidome Ip Indoor 5000 Mp
Bosch Flexidome Ip Micro 5000 Mp Firmware=cpp4
Bosch Flexidome Ip Micro 5000 Mp
Bosch Flexidome Ip Outdoor 5000 Hd Firmware=cpp4
Bosch Flexidome Ip Outdoor 5000 Hd
Bosch Flexidome Ip Outdoor 5000 Mp Firmware=cpp4
Bosch Flexidome Ip Outdoor 5000 Mp
Bosch Flexidome Ip Panoramic 5000 Firmware=cpp4
Bosch Flexidome Ip Panoramic 5000
Bosch Ip Bullet 4000 Hd Firmware=cpp4
Bosch Ip Bullet 4000 Hd
Bosch Ip Bullet 5000 Hd Firmware=cpp4
Bosch Ip Bullet 5000 Hd
Bosch Ip Micro 2000 Firmware=cpp4
Bosch Ip Micro 2000
Bosch Ip Micro 2000 Hd Firmware=cpp4
Bosch Ip Micro 2000 Hd
Bosch Mic Ip Dynamic 7000 Firmware=cpp4
Bosch Mic Ip Dynamic 7000
Bosch Mic Ip Starlight 7000 Firmware=cpp4
Bosch Mic Ip Starlight 7000
Bosch Tinyon Ip 2000 Firmware=cpp4
Bosch Tinyon Ip 2000

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203