Kaspersky publishes information on newly identified vulnerabilities in order to raise user awareness of the IT security threats detected. Kaspersky does not make any guarantees in respect of information received from vendors of products in which vulnerabilities have been identified, which is included in the following sections of the advisory: Affected Products, Vendor Mitigation.
|CWE||CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)|
Kaspersky ICS CERT discovered a reflected XSS in a page parameter.
⚠ It is possible to execute any RCP+ command via RCP+ over CGI if the victim follows the attacker’s malicious link and authenticates to the camera.
|CVSS v3 Base Score||9.6 (Critical)|
|Exploitability||⚠ Remotely exploitable: the victim should have network access to ports 80/TCP or 443/TCP.|
|Difficulty||⚠ Low skill level to exploit|
|Privilege required||⚠ No privileges required|
|User interaction||User interaction required: a user must follow the attacker’s malicious link to the login page and log in with correct credentials|
|Robert Bosch GmbH mitigation||
Software Updates: The recommended approach is to update the affected Bosch firmware to a fixed version. If an update is not possible in a timely manner, users are advised to follow the mitigations and workarounds described in the following section.
Secure Configuration Environment: It is advised to configure the camera with a Bosch tool such as the Configuration Manager, which does not allow for issues like CSRF and XSS.
When using the web-based configuration interface while logged in as administrator, some security precautions can be taken to mitigate XSS and CSRF vulnerabilities:
2021-04-20 – Vulnerability reported
2021-06-09 – Robert Bosch GmbH published the advisory