Описание
The vulnerability allows an authenticated remote attacker to upload a malicious file to the SD card containing arbitrary client-side script code and obtain its execution inside a victim’s session via a crafted URL, HTTP request, or simply by waiting for the victim to view the poisoned file.
Ссылки
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 1000 (включая) до 1500-sp2 (включая)
Одновременно
cpe:2.3:o:bosch:nexo-os:*:*:*:*:*:*:*:*
Одно из
cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa011s-36v-b_\(0608842012\):-:*:*:*:*:*:*:*
cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa011s-36v_\(0608842011\):-:*:*:*:*:*:*:*
cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa015s-36v-b_\(0608842006\):-:*:*:*:*:*:*:*
cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa015s-36v_\(0608842001\):-:*:*:*:*:*:*:*
cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa030s-36v-b_\(0608842007\):-:*:*:*:*:*:*:*
cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa030s-36v_\(0608842002\):-:*:*:*:*:*:*:*
cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa050s-36v-b_\(0608842008\):-:*:*:*:*:*:*:*
cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa050s-36v_\(0608842003\):-:*:*:*:*:*:*:*
cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa065s-36v-b_\(0608842014\):-:*:*:*:*:*:*:*
cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa065s-36v_\(0608842013\):-:*:*:*:*:*:*:*
cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxp012qd-36v-b_\(0608842010\):-:*:*:*:*:*:*:*
cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxp012qd-36v_\(0608842005\):-:*:*:*:*:*:*:*
cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxv012t-36v-b_\(0608842016\):-:*:*:*:*:*:*:*
cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxv012t-36v_\(0608842015\):-:*:*:*:*:*:*:*
cpe:2.3:h:bosch:nexo_special_cordless_nutrunner_\(0608pe2272\):-:*:*:*:*:*:*:*
cpe:2.3:h:bosch:nexo_special_cordless_nutrunner_\(0608pe2301\):-:*:*:*:*:*:*:*
cpe:2.3:h:bosch:nexo_special_cordless_nutrunner_\(0608pe2514\):-:*:*:*:*:*:*:*
cpe:2.3:h:bosch:nexo_special_cordless_nutrunner_\(0608pe2515\):-:*:*:*:*:*:*:*
cpe:2.3:h:bosch:nexo_special_cordless_nutrunner_\(0608pe2666\):-:*:*:*:*:*:*:*
cpe:2.3:h:bosch:nexo_special_cordless_nutrunner_\(0608pe2673\):-:*:*:*:*:*:*:*
EPSS
Процентиль: 34%
0.00141
Низкий
5.5 Medium
CVSS3
5.4 Medium
CVSS3
Дефекты
CWE-79
CWE-79
Связанные уязвимости
CVSS3: 5.5
github
около 2 лет назад
The vulnerability allows an authenticated remote attacker to upload a malicious file to the SD card containing arbitrary client-side script code and obtain its execution inside a victim’s session via a crafted URL, HTTP request, or simply by waiting for the victim to view the poisoned file.
EPSS
Процентиль: 34%
0.00141
Низкий
5.5 Medium
CVSS3
5.4 Medium
CVSS3
Дефекты
CWE-79
CWE-79