Unauthenticated information leak in Bosch IP cameras

BOSCH-SA-659648-BT

Advisory Information

  • Advisory ID: BOSCH-SA-659648-BT
  • CVE Numbers and CVSS v3.1 Scores:
  • Published: 21 Aug 2024
  • Last Updated: 21 Aug 2024

Summary

A vulnerability was discovered in internal testing of Bosch IP cameras of families CPP13 and CPP14 that allows an unauthenticated attacker to retrieve video analytics event data. No video data is leaked through this vulnerability.

Affected Products

  • Bosch Camera Firmware on: CPP13
    • CVE-2022-98765
      • Version(s): <= 8.91
  • Bosch Camera Firmware on: CPP14
    • CVE-2022-98765
      • Version(s): <= 9.10

Solution and Mitigations

Software Updates

The recommended approach is to update the affected Bosch firmware to a fixed version. If an update is not possible in a timely manner, users are recommended to follow the mitigations and workarounds described in the following section. The versions to fix this issue are listed in the Advisory Appendix.

A reboot of the camera is required after uploading the update.

The firmware version should be checked after the update to confirm successful installation, e.g. in the web-based interface (Services - System Overview).
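The same check can be run across a fleet. The following is an added example, not Bosch code: it classifies an inventory export against the affected and fixed versions given in this advisory. The CSV column names, host names and sample builds are constructed, and it assumes "<= 8.91" covers every build of 8.91 and earlier.

```python
import csv
import io
import re

# From the advisory: last affected major.minor and first fixed build per family.
LAST_AFFECTED = {"CPP13": (8, 91), "CPP14": (9, 10)}
FIXED = {"CPP13": (8, 92, 48), "CPP14": (9, 11, 9)}

# Constructed sample inventory; hosts, column names and builds are made up.
SAMPLE_INVENTORY = """host,family,firmware
cam-lobby,CPP13,8.90.0029
cam-dock,CPP13,8.92.0048
cam-roof,CPP14,9.10.0005
cam-gate,CPP14,9.11.0009
cam-lab,CPP14,9.11.0002
cam-old,OTHER,7.87.0029
cam-bad,CPP13,unknown
"""


def parse_version(text):
    """Turn '8.92.0048' into (8, 92, 48); two-part versions get build 0."""
    if not re.fullmatch(r"\d+\.\d+(\.\d+)?", text.strip()):
        raise ValueError(f"unrecognised firmware version: {text!r}")
    parts = [int(p) for p in text.strip().split(".")]
    return tuple(parts + [0] * (3 - len(parts)))


def classify(family, firmware):
    """Return 'affected', 'fixed', 'review' or 'not-listed' for one camera."""
    if family not in FIXED:
        return "not-listed"  # family is not covered by this advisory
    try:
        version = parse_version(firmware)
    except ValueError:
        return "review"  # unreadable version: check the device by hand
    # Assumption: "<= 8.91" covers every build of 8.91 and earlier.
    if version[:2] <= LAST_AFFECTED[family]:
        return "affected"
    if version >= FIXED[family]:
        return "fixed"
    return "review"  # newer than affected range, older than the fixed build


def triage(inventory_csv):
    """Map each host in the CSV text to its classification."""
    rows = csv.DictReader(io.StringIO(inventory_csv))
    return {row["host"]: classify(row["family"], row["firmware"]) for row in rows}


if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host:10} {status}")
```

Hosts reported as "review" run a build the advisory does not classify, or returned an unreadable version, and need a manual check.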

Firewalling

Disallowing connections from insecure networks to the camera by means of a firewall prevents the attacker from accessing the information.

IP Filtering

The camera can whitelist networks or IP addresses so that access is only allowed from trusted networks or IPs, preventing an attacker from accessing the information.

Vulnerability Details

CVE-2022-98765

CVE description: A missing authentication check in Bosch IP cameras of families CPP13 and CPP14 allows an unauthenticated attacker to retrieve video analytics event data.

Remarks

Security Update Information

With respect to Directive (EU) 2019/770 and Directive (EU) 2019/771 and their national transposition laws, please note:

It is your responsibility to download and/or install any security updates provided by us, for example to maintain product or data security. If you fail to install a security update provided to you within a reasonable period of time, we will not be liable for any product defect solely due to the absence of such security update.

Alternatively, we are entitled to directly download and/or install security updates regardless of your settings. In these cases, we will provide you with the relevant information, e.g. in this security advisory.

CVSS Scoring

Vulnerability classification has been performed using the CVSS v3.1 scoring system. The CVSS environmental score is specific to each customer’s environment and should be defined by the customer to attain a final scoring.

Additional Resources

Please contact the Bosch PSIRT if you have feedback, comments, or additional information about this vulnerability at: psirt@bosch.com.

Revision History

  • 21 Aug 2024: Initial Publication

Appendix

Fixed Versions

Camera Family | Version to fix this issue
CPP13 | 8.92.0048
CPP14 | 9.11.0009

Firmware Download

Material Lists

Bosch IP camera CPP13

Family Name | CTN | SAP#
AUTODOME inteox 7000i – 2 MP | NDP-7602-Z30, NDP-7602-Z30CT, NDP-7602-Z30K, NDP-7602-Z30-OC | F.01U.381.159, F.01U.381.160, F.01U.381.162, F.01U.382.880
AUTODOME 7000i | NDP-7602-Z40 | F.01U.389.322, F.01U.394.938
AUTODOME 7100i IR - 2MP | NDP-7602-Z40L | F.01U.389.324, F.01U.394.936
AUTODOME 7100i IR - 8MP | NDP-7604-Z12L | F.01U.389.326, F.01U.394.918
DINION inteox 7100i IR | NBE-7604-AL, NBE-7604-AL-OC | F.01U.394.676, F.01U.386.377
FLEXIDOME inteox 7100i IR | NDE-7604-AL, NDE-7604-AL-OC | F.01U.394.577, F.01U.386.375
MIC inteox 7100i - 2MP | MIC-7602-Z30B, MIC-7602-Z30BR, MIC-7602-Z30W, MIC-7602-Z30WR, MIC-7602-Z30G, MIC-7602-Z30GR | F.01U.382.403, F.01U.381.145, F.01U.382.404, F.01U.381.146, F.01U.382.405, F.01U.381.147
MIC inteox 7100i - 2MP OC | MIC-7602-Z30BR-OC, MIC-7602-Z30WR-OC, MIC-7602-Z30GR-OC | F.01U.382.397, F.01U.382.398, F.01U.382.399
MIC inteox 7100i – 8MP | MIC-7604-Z12BR, MIC-7604-Z12WR, MIC-7604-Z12GR | F.01U.381.148, F.01U.381.149, F.01U.381.150
MIC inteox 7100i – 8MP OC | MIC-7604-Z12BR-OC, MIC-7604-Z12WR-OC, MIC-7604-Z12GR-OC | F.01U.382.400, F.01U.382.401, F.01U.382.402

Bosch IP camera CPP14

Family Name | CTN | SAP#
FLEXIDOME indoor 5100i | NDV-5702-A, NDV-5703-A, NDV-5704-A | F.01U.394.427, F.01U.394.429, F.01U.394.454
FLEXIDOME indoor 5100i IR | NDV-5702-AL, NDV-5703-AL, NDV-5704-AL | F.01U.394.428, F.01U.394.430, F.01U.394.455
FLEXIDOME outdoor 5100i | NDE-5702-A, NDE-5703-A, NDE-5704-A | F.01U.394.558, F.01U.394.560, F.01U.394.562
FLEXIDOME outdoor 5100i IR | NDE-5702-AL, NDE-5703-AL, NDE-5704-AL | F.01U.394.559, F.01U.394.561, F.01U.394.563
FLEXIDOME panoramic 5100i | NDS-5703-F360, NDS-5704-F360 | F.01U.385.628, F.01U.385.629
FLEXIDOME panoramic 5100i IR | NDS-5703-F360LE, NDS-5704-F360LE | F.01U.385.630, F.01U.385.631
FLEXIDOME multi 7000i | NDM-7702-A, NDM-7703-A | F.01U.389.262, F.01U.389.263
FLEXIDOME multi 7000i IR | NDM-7702-AL, NDM-7703-AL | F.01U.389.264, F.01U.389.265
DINION 7100i IR | NBE-7702-ALX, NBE-7703-ALX, NBE-7704-ALT, NBE-7704-ALX, NBE-7703-ALXT, NBE-7702-ALXT, NBE-7704-AL | F.01U.390.686, F.01U.390.688, F.01U.390.691, F.01U.390.692, F.01U.390.689, F.01U.390.687, F.01U.390.690
FLEXIDOME corner 7100i IR | NCE-7703-FK | F.01U.407.683
FLEXIDOME indoor 3100i | NDI-3702-A, NDI-3703-A | F.01U.406.608, F.01U.406.610
FLEXIDOME indoor 3100i IR | NDI-3702-AL, NDI-3703-AL | F.01U.406.607, F.01U.406.609
FLEXIDOME outdoor 3100i IR | NDE-3703-AL, NDE-3702-AL | F.01U.406.612, F.01U.406.611
FLEXIDOME micro 3100i indoor | NUV-3702-F02, NUV-3702-F04, NUV-3702-F06, NUV-3703-F02, NUV-3703-F04, NUV-3703-F06, NUV-3702-F04H, NUV-3703-F02H | F.01U.408.377, F.01U.408.378, F.01U.408.379, F.01U.408.380, F.01U.408.381, F.01U.408.383, F.01U.408.398, F.01U.408.399
FLEXIDOME micro 3100i outdoor | NUE-3702-F02, NUE-3702-F04, NUE-3702-F06, NUE-3703-F02, NUE-3703-F04, NUE-3703-F06 | F.01U.408.367, F.01U.408.370, F.01U.408.372, F.01U.408.373, F.01U.408.374, F.01U.408.375
DINION 3100i IR | NBE-3703-AL, NBE-3702-AL | F.01U.414.800, F.01U.414.799
DINION 5100i IR | NBE-5702-AL, NBE-5703-AL, NBE-5704-AL | F.01U.393.997, F.01U.393.998, F.01U.393.999
AVIOTEC 8000i IR | FCS-8000-VFD-I | F.01U.406.348