Information Disclosure Vulnerability in Bosch IP cameras
BOSCH-SA-839739-BT
Advisory Information
- Advisory ID: BOSCH-SA-839739-BT
- CVE Numbers and CVSS v3.1 Scores:
  - CVE-2022-41677
  - Base Score: 5.3 (Medium)
- Published: 28 Jun 2023
- Last Updated: 13 Dec 2023
Summary
An information disclosure vulnerability was discovered in Bosch IP camera devices that allows an unauthenticated attacker to retrieve information about the device itself (such as its capabilities) and its network settings. If the device is reachable from the internet, this can disclose internal network settings to outside parties.
This vulnerability was discovered by Souvik Kandar and Arko Dhar from Redinent Innovations, India.
Affected Products
- Bosch Camera Firmware on: CPP14
  - CVE-2022-41677
  - Version(s): <= 8.80
- Bosch Camera Firmware on: CPP13
  - CVE-2022-41677
  - Version(s): <= 8.48
- Bosch Camera Firmware on: CPP7.3
  - CVE-2022-41677
  - Version(s): <= 7.86
- Bosch Camera Firmware on: CPP7
  - CVE-2022-41677
  - Version(s): <= 7.86
- Bosch Camera Firmware on: CPP6
  - CVE-2022-41677
  - Version(s): <= 7.86
- Bosch Camera Firmware on: CPP4
  - CVE-2022-41677
  - Version(s): <= 7.10
Solution and Mitigations
Software Updates
The recommended approach is to update the affected Bosch firmware to a fixed version (see the Fixed Versions table in the Appendix). The fixed version raises the access rights required for several commands, so the affected information is no longer available without authentication. If an update is not possible in a timely manner, users are recommended to apply the mitigations and workarounds described in the following sections.
A reboot of the camera is required after uploading the update.
The firmware version should be checked after the update to confirm successful installation, e.g. in the web-based interface (Service - System Overview).
Firewalling
Blocking connections to the camera from untrusted networks by means of a firewall prevents an attacker on those networks from reaching the camera and retrieving the information.
IP Filtering
The camera can whitelist networks or IP addresses so that only trusted networks or hosts may connect, preventing an attacker elsewhere from accessing the information. The filter only helps if its entries are tight: an empty filter or an entry that covers all addresses leaves the device reachable from anywhere.
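The effectiveness of the IP filter depends on what is entered into it, so it is worth auditing the configured allowlists across a fleet rather than trusting that "filtering is on". The following is an added example, not Bosch code and not taken from the advisory: it reviews each camera's allowlist entries (single addresses or CIDR networks, as they would be typed into the camera's IP filter) against the networks that are actually supposed to reach the cameras, and flags entries that are wider than any trusted network, entries that match every address, and cameras with no filter at all. The camera names, allowlists and trusted networks are constructed sample data.

```python
"""Review camera IP-filter allowlists against the networks that should reach the cameras.

Added illustration; not Bosch code. It does not talk to a camera: the allowlists and
trusted networks below are constructed sample data, written the way they would be entered
into the camera's IP filter (single address or CIDR network).
"""
import ipaddress
from typing import Dict, List, Sequence


def to_network(entry: str):
    """Accept '192.168.50.12' or '10.20.5.0/24'; a bare address becomes a /32 (or /128)."""
    return ipaddress.ip_network(entry.strip(), strict=False)


def check_allowlist(entries: Sequence[str], trusted: Sequence[str]) -> List[str]:
    """Return the problems found in one camera's allowlist (empty list = acceptable).

    An entry is acceptable only if it lies entirely inside a trusted network. An empty
    list means filtering is not configured at all, and a /0 entry silently disables it.
    """
    trusted_nets = [to_network(t) for t in trusted]
    if not entries:
        return ["no allowlist configured: any source address may reach the device"]
    problems = []
    for entry in entries:
        net = to_network(entry)
        if net.prefixlen == 0:
            problems.append(f"{entry}: matches every address, filtering is effectively off")
            continue
        # subnet_of() raises on mixed IPv4/IPv6 operands, so compare within one family only.
        same_family = [t for t in trusted_nets if t.version == net.version]
        if not any(net.subnet_of(t) for t in same_family):
            problems.append(f"{entry}: not contained in any trusted network")
    return problems


def review(cameras: Dict[str, Sequence[str]], trusted: Sequence[str]) -> Dict[str, List[str]]:
    """Run check_allowlist over an inventory and return only the cameras with findings."""
    report: Dict[str, List[str]] = {}
    for name, entries in cameras.items():
        problems = check_allowlist(entries, trusted)
        if problems:
            report[name] = problems
    return report


# Constructed sample data: the VMS and operator workstations live in these two networks.
TRUSTED_NETWORKS = ["10.20.0.0/16", "192.168.50.0/24"]

# Constructed sample inventory (hypothetical camera names and filter entries).
SAMPLE_CAMERAS = {
    "lobby-dome": ["10.20.5.0/24", "192.168.50.12"],   # tight: contained in trusted ranges
    "yard-ptz": ["0.0.0.0/0"],                          # "allow all" entry, filter is useless
    "dock-bullet": ["10.0.0.0/8"],                      # far wider than the trusted /16
    "old-dome": [],                                     # filtering never configured
}

if __name__ == "__main__":
    for name, problems in review(SAMPLE_CAMERAS, TRUSTED_NETWORKS).items():
        for problem in problems:
            print(f"{name}: {problem}")
```

The containment test is deliberately strict: an entry such as 10.0.0.0/8 "works" in the sense that the VMS can still connect, but it also admits every other host in that /8, which is exactly the exposure the mitigation is meant to remove.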
Vulnerability Details
CVE-2022-41677
CVE description: An information disclosure vulnerability was discovered in Bosch IP camera devices that allows an unauthenticated attacker to retrieve information (such as capabilities) about the device itself and the network settings of the device, possibly disclosing internal network settings if the device is connected to the internet.
- Problem Type:
- CVSS Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
- Base Score: 5.3 (Medium)
Remarks
Security Update Information
With respect to Directive (EU) 2019/770 and Directive (EU) 2019/771 and their national transposition laws, please note:
It is your responsibility to download and/or install any security updates provided by us, for example to maintain product or data security. If you fail to install a security update provided to you within a reasonable period of time, we will not be liable for any product defect solely due to the absence of such security update.
Alternatively, we are entitled to directly download and/or install security updates regardless of your settings. In these cases, we will provide you with the relevant information, e.g. in this security advisory.
CVSS Scoring
Vulnerability classification has been performed using the CVSS v3.1 scoring system. The CVSS environmental score is specific to each customer's environment and should be defined by the customer to attain a final scoring.
Additional Resources
- [1] Firmware Download Area: https://downloadstore.boschsecurity.com/index.php?type=FW
Please contact the Bosch PSIRT if you have feedback, comments, or additional information about this vulnerability at: psirt@bosch.com.
Revision History
- 13 Dec 2023: Update on released Firmware (CPP14)
- 31 Jul 2023: Update on released Firmware (CPP13)
- 28 Jun 2023: Initial Publication
Appendix
Fixed Versions
Camera Family | Version to fix this issue |
---|---|
CPP14 | 9.00.0210 |
CPP13 | 8.90.0036 |
CPP7.3 | 7.87.0029 |
CPP7 | 7.87.0029 |
CPP6 | 7.87.0029 |
CPP4 | no fix available |
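The Affected Products section gives the last affected release per platform and the table above gives the first fixed build, and the post-update check in the Solution section asks the operator to confirm the installed version. The following is an added example, not Bosch code and not part of the advisory: it compares each camera in an inventory against the fixed-version table, treating everything below the first fixed build as vulnerable and reporting CPP4 devices as having no fix so that they are routed to the firewalling and IP-filtering mitigations instead. Firmware versions are compared component by component, because a plain string comparison would rank "7.9" above "7.87". The inventory entries (camera names and build numbers) are constructed sample data.

```python
"""Audit a camera inventory against the fixed-version table of BOSCH-SA-839739-BT.

Added illustration; not Bosch code. The inventory below is constructed sample data;
a real deployment would read the platform and firmware version from each camera
(e.g. the web interface, Service - System Overview) or from the VMS.
"""
from dataclasses import dataclass
from typing import List, Optional, Sequence, Tuple

# First fixed firmware per platform, as listed in the advisory's appendix.
# None records that no fixed firmware is available (CPP4).
FIXED_VERSIONS = {
    "CPP14": "9.00.0210",
    "CPP13": "8.90.0036",
    "CPP7.3": "7.87.0029",
    "CPP7": "7.87.0029",
    "CPP6": "7.87.0029",
    "CPP4": None,
}


def parse_version(text: str) -> Tuple[int, ...]:
    """Convert '7.87.0029' to (7, 87, 29) so comparison is numeric per component.

    Comparing the raw strings would get this wrong: '7.9' sorts after '7.87' as text
    but is the older release. A two-component version such as the advisory's
    '<= 8.80' is padded with a trailing 0, i.e. treated as build 0 of that release.
    """
    parts = text.strip().split(".")
    if not parts or not all(part.isdigit() for part in parts):
        raise ValueError(f"unrecognised firmware version: {text!r}")
    numbers = [int(part) for part in parts]
    numbers.extend([0] * (3 - len(numbers)))
    return tuple(numbers)


@dataclass(frozen=True)
class Finding:
    name: str
    platform: str
    version: str
    status: str             # "fixed", "vulnerable", "no_fix" or "unknown_platform"
    fixed_in: Optional[str]


def assess(name: str, platform: str, version: str) -> Finding:
    """Classify one camera. Anything below the first fixed build is vulnerable."""
    if platform not in FIXED_VERSIONS:
        return Finding(name, platform, version, "unknown_platform", None)
    fixed = FIXED_VERSIONS[platform]
    if fixed is None:
        # CPP4 has no fixed firmware: only firewalling / IP filtering remain.
        return Finding(name, platform, version, "no_fix", None)
    status = "fixed" if parse_version(version) >= parse_version(fixed) else "vulnerable"
    return Finding(name, platform, version, status, fixed)


def audit(inventory: Sequence[Tuple[str, str, str]]) -> List[Finding]:
    """Assess every (name, platform, version) row of an inventory."""
    return [assess(name, platform, version) for name, platform, version in inventory]


# Constructed sample inventory (hypothetical camera names and build numbers).
SAMPLE_INVENTORY = [
    ("lobby-dome", "CPP14", "8.80.0045"),
    ("yard-ptz", "CPP13", "8.90.0036"),
    ("dock-bullet", "CPP7", "7.86.0022"),
    ("old-dome", "CPP4", "7.10.0052"),
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_INVENTORY):
        action = f"update to {finding.fixed_in}" if finding.status == "vulnerable" else finding.status
        print(f"{finding.name:12} {finding.platform:7} {finding.version:10} {action}")
```

A camera reporting exactly the fixed build is classified as fixed; one reporting a newer build on the same platform is also fixed, since the table lists the first build that contains the change rather than the only one.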
Affected Platforms and Cameras
CPP14
- FLEXIDOME indoor 5100i
- FLEXIDOME indoor 5100i IR
- FLEXIDOME outdoor 5100i
- FLEXIDOME outdoor 5100i IR
- FLEXIDOME panoramic 5100i
- FLEXIDOME panoramic 5100i IR
- FLEXIDOME multi 7000i
- FLEXIDOME multi 7000i IR
- DINION 7100i IR
CPP13
- AUTODOME inteox 7000i
- AUTODOME 7000i
- AUTODOME 7100i IR - 2MP
- AUTODOME 7100i IR - 8MP
- DINION inteox 7100i IR
- FLEXIDOME inteox 7100i IR
- MIC inteox 7100i - 2MP
- MIC inteox 7100i - 2MP OC
- MIC inteox 7100i - 8MP
- MIC inteox 7100i - 8MP OC
CPP7.3
- AUTODOME IP 4000i
- AUTODOME IP 5000i
- AUTODOME IP starlight 5000i (IR)
- AUTODOME IP starlight 7000i
- DINION IP 3000i
- DINION IP bullet 4000i
- DINION IP bullet 5000
- DINION IP bullet 5000i
- DINION IP bullet 6000i
- FLEXIDOME IP 3000i
- FLEXIDOME IP 4000i
- FLEXIDOME IP 5000i
- FLEXIDOME IP starlight 5000i (IR)
- FLEXIDOME IP starlight 8000i
- MIC IP starlight 7000i
- MIC IP starlight 7100i
- MIC IP ultra 7100i
- MIC IP fusion 9000i
CPP7
- DINION IP starlight 6000
- DINION IP starlight 7000
- DINION IP thermal 8000
- FLEXIDOME IP starlight 6000
- FLEXIDOME IP starlight 7000
- DINION IP thermal 9000 RM
CPP6
- DINION IP starlight 8000 12MP
- DINION IP ultra 8000 12MP
- DINION IP ultra 8000 12MP with C/CS mount telephoto lens
- FLEXIDOME IP panoramic 6000 12MP 180
- FLEXIDOME IP panoramic 6000 12MP 360
- FLEXIDOME IP panoramic 6000 12MP 180 IVA
- FLEXIDOME IP panoramic 6000 12MP 360 IVA
- FLEXIDOME IP panoramic 7000 12MP 180
- FLEXIDOME IP panoramic 7000 12MP 360
- FLEXIDOME IP panoramic 7000 12MP 180 IVA
- FLEXIDOME IP panoramic 7000 12MP 360 IVA
CPP4
- AUTODOME IP 4000 HD
- AUTODOME IP 5000 HD
- AUTODOME IP 5000 IR
- AUTODOME 7000 series
- DINION HD 1080p
- DINION HD 1080p HDR
- DINION HD 720p
- DINION imager 9000 HD
- DINION IP bullet 4000
- DINION IP bullet 5000
- DINION IP 4000 HD
- DINION IP 5000 HD
- DINION IP 5000 MP
- DINION IP starlight 7000 HD
- FLEXIDOME corner 9000 MP
- FLEXIDOME HD 1080p
- FLEXIDOME HD 1080p HDR
- FLEXIDOME HD 720p
- Vandal-proof FLEXIDOME HD 1080p
- Vandal-proof FLEXIDOME HD 1080p HDR
- Vandal-proof FLEXIDOME HD 720p
- FLEXIDOME IP micro 2000 HD
- FLEXIDOME IP micro 2000 IP
- FLEXIDOME IP indoor 4000 HD
- FLEXIDOME IP indoor 4000 IR
- FLEXIDOME IP outdoor 4000 HD
- FLEXIDOME IP outdoor 4000 IR
- FLEXIDOME IP indoor 5000 HD
- FLEXIDOME IP indoor 5000 MP
- FLEXIDOME IP micro 5000 MP
- FLEXIDOME IP outdoor 5000 HD
- FLEXIDOME IP outdoor 5000 MP
- FLEXIDOME IP panoramic 5000
- IP bullet 4000 HD
- IP bullet 5000 HD
- IP micro 2000
- IP micro 2000 HD
- MIC IP dynamic 7000
- MIC IP starlight 7000
- TINYON IP 2000 family