CVE-2022-41677
First published: Mon Dec 18 2023(Updated: )
An information disclosure vulnerability was discovered in Bosch IP camera devices allowing an unauthenticated attacker to retrieve information (like capabilities) about the device itself and network settings of the device, disclosing possibly internal network settings if the device is connected to the internet.
Credit: psirt@bosch.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| Bosch Cpp14 Firmware | <=8.80 | |
| Bosch Cpp14 Firmware | ||
| All of | ||
| Bosch Cpp13 Firmware | <=8.48 | |
| Bosch Cpp13 Firmware | ||
| All of | ||
| Bosch Common Product Platform 7.3 Firmware | <=7.86 | |
| Bosch Common Product Platform 7.3 Firmware | ||
| All of | ||
| Bosch Cpp7.3 Firmware | <=7.86 | |
| Bosch Cpp7 Firmware | ||
| All of | ||
| Bosch Cpp6 | <=7.86 | |
| Bosch Cpp6 Firmware | ||
| All of | ||
| Bosch Common Product Platform 4 Firmware | <=7.10 | |
| Bosch Cpp4 Firmware |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2022-41677?
CVE-2022-41677 has been classified as an information disclosure vulnerability.
How do I fix CVE-2022-41677?
To mitigate CVE-2022-41677, ensure that your Bosch IP camera devices are updated to the latest firmware version beyond the vulnerable versions.
What devices are affected by CVE-2022-41677?
CVE-2022-41677 affects Bosch Cpp14 Firmware up to version 8.80, Cpp13 Firmware up to version 8.48, and several older firmware versions listed in the advisory.
Can CVE-2022-41677 be exploited remotely?
Yes, CVE-2022-41677 allows unauthenticated attackers to exploit the vulnerability remotely.
What type of information can be exposed due to CVE-2022-41677?
CVE-2022-41677 may disclose sensitive information such as the device's capabilities and internal network settings.
- agent/type
- agent/event
- agent/softwarecombine
- agent/first-publish-date
- agent/weakness
- agent/severity
- agent/references
- agent/author
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- agent/tags
- collector/nvd-api
- agent/software-canonical-lookup-request
- vendor/bosch
- canonical/bosch cpp14 firmware
- version/bosch cpp14 firmware/8.80
- canonical/bosch cpp13 firmware
- version/bosch cpp13 firmware/8.48
- canonical/bosch common product platform 7.3 firmware
- version/bosch common product platform 7.3 firmware/7.86
- canonical/bosch cpp7.3 firmware
- version/bosch cpp7.3 firmware/7.86
- canonical/bosch cpp7 firmware
- canonical/bosch cpp6
- version/bosch cpp6/7.86
- canonical/bosch cpp6 firmware
- canonical/bosch common product platform 4 firmware
- version/bosch common product platform 4 firmware/7.10
- canonical/bosch cpp4 firmware