CVE-2021-23845
Summary
| CVE | CVE-2021-23845 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2021-06-18 14:15:00 UTC |
| Updated | 2021-06-24 17:12:00 UTC |
| Description | This vulnerability could allow an attacker to hijack a session while a user is logged in the configuration web page. This vulnerability was discovered by a security researcher in B426 and found during internal product tests in B426-CN/B429-CN, and B426-M and has been fixed already starting from version 3.08 on, which was released on June 2019. |
Risk And Classification
Problem Types: NVD-CWE-noinfo
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Hardware | Bosch | B426 | - | All | All | All |
| Hardware | Bosch | B426-cn | - | All | All | All |
| Operating System | Bosch | B426-cn Firmware | All | All | All | All |
| Hardware | Bosch | B426-m | - | All | All | All |
| Operating System | Bosch | B426-m Firmware | All | All | All | All |
| Operating System | Bosch | B426 Firmware | All | All | All | All |
| Hardware | Bosch | B429-cn | - | All | All | All |
| Operating System | Bosch | B429-cn Firmware | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Several Vulnerabilities in Bosch B426, B426-CN/B429-CN, and B426-M | Bosch PSIRT | CONFIRM | psirt.bosch.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.