Headline
CVE-2022-47648
Bosch Security Systems B420 firmware 02.02.0001 employs IP-based authorization in its authentication mechanism, allowing attackers to access the device as long as they are on the same network as a legitimate user.
Product: B420
Firmware Version: 02.02.0001
IP Stack Version: 1.3.2
AES Lib Version: 01.00.0000
Vendor: Bosch Security Systems
Vulnerability: Improper Access Control
Description: An Improper Access Control vulnerability allows an attacker to access the control panel of the B420 without requiring any sort of authorization or authentication, due to its IP-based authorization. If an authorized user has accessed a publicly available B420 product using valid credentials, an insider attacker can gain access to the same panel without requiring any sort of authorization.
Severity CVSS 3.1: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H [High 7.8]
References:
https://resources-boschsecurity-cdn.azureedge.net/public/documents/Installation_Manual_all_4674592907.pdf
https://drive.google.com/drive/folders/16jvVFyp9RlHvXvq7qbOCjCs1jiAPT3i_?usp=sharing
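Added example, not Bosch's code and not part of the original advisory: a minimal Python model of the flaw class described above, with the IP-keyed check beside a session-token check that closes it. It assumes the panel records the source IP address of a successful login and that a second client reaches it from that same address (for instance from behind the same NAT); the class names, credentials and the 203.0.113.10 address are constructed for illustration.

```python
import hmac
import secrets

# Constructed credentials for the model; not values from the device.
USERS = {"installer": "correct-horse"}


class IpKeyedPanel:
    """Flawed pattern: a successful login authorizes the source IP address."""

    def __init__(self):
        self.authorized_ips = set()

    def login(self, src_ip, user, password):
        ok = hmac.compare_digest(USERS.get(user, ""), password)
        if ok:
            self.authorized_ips.add(src_ip)
        return ok

    def can_access(self, src_ip, token=None):
        # Any client that presents the same source address is let in.
        return src_ip in self.authorized_ips


class SessionKeyedPanel:
    """Corrected pattern: authorization follows an unguessable per-login token."""

    def __init__(self):
        self.sessions = {}  # token -> user

    def login(self, src_ip, user, password):
        if not hmac.compare_digest(USERS.get(user, ""), password):
            return None
        token = secrets.token_urlsafe(32)
        self.sessions[token] = user
        return token

    def can_access(self, src_ip, token=None):
        return token is not None and token in self.sessions


def second_client_admitted(panel, shared_ip="203.0.113.10"):
    """Log in once from shared_ip, then test a second client with no credentials."""
    panel.login(shared_ip, "installer", "correct-horse")
    return panel.can_access(shared_ip)  # second client: same address, no token
```

With the IP-keyed model the second client is admitted on the strength of the first user's login; with the session-keyed model it is refused because it cannot present the token issued at login.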