Описание
When using http protocol, the user password is transmitted as a clear text parameter for which it is possible to be obtained by an attacker through a MITM attack. This will be fixed starting from Firmware version 3.11.5, which will be released on the 30th of June, 2021.
Ссылки
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одновременно
Одно из
cpe:2.3:o:bosch:b426_firmware:03.01.0004:*:*:*:*:*:*:*
cpe:2.3:o:bosch:b426_firmware:03.02.002:*:*:*:*:*:*:*
cpe:2.3:o:bosch:b426_firmware:03.03.0009:*:*:*:*:*:*:*
cpe:2.3:o:bosch:b426_firmware:03.05.0003:*:*:*:*:*:*:*
cpe:2.3:h:bosch:b426:-:*:*:*:*:*:*:*
EPSS
Процентиль: 34%
0.00135
Низкий
8.8 High
CVSS3
5.9 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-319
CWE-319
Связанные уязвимости
github
больше 3 лет назад
When using http protocol, the user password is transmitted as a clear text parameter for which it is possible to be obtained by an attacker through a MITM attack. This will be fixed starting from Firmware version 3.11.5, which will be released on the 30th of June, 2021.
EPSS
Процентиль: 34%
0.00135
Низкий
8.8 High
CVSS3
5.9 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-319
CWE-319