- Mar 9, 2014
- 36,891
- 21,407
Bosch IP Camera Vulnerability (CVE-2018-19036)
"Summary
A recently discovered security vulnerability affects several Bosch IP cameras. It potentially allows the unauthorized execution of code on the device via the network interface. Bosch rates this vulnerability at 9.4 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H, Critical) and recommends customers to upgrade devices with updated firmware versions.
As of 2018-12-11, updated firmware files are published on the Bosch Download Store (link). As of 2018-12-12, there is currently no indication that the exploitation code is either publicly known or utilized.
If a firmware update is not possible in a timely manner, a reduction in the devices’ network exposure is advised. Internet-accessible Bosch IP cameras should be firewalled, whilst additional steps like network isolation by VLAN, IP filtering features of the devices and other technologies should be used to decrease the exposure of vulnerable devices."
"Summary
A recently discovered security vulnerability affects several Bosch IP cameras. It potentially allows the unauthorized execution of code on the device via the network interface. Bosch rates this vulnerability at 9.4 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H, Critical) and recommends customers to upgrade devices with updated firmware versions.
As of 2018-12-11, updated firmware files are published on the Bosch Download Store (link). As of 2018-12-12, there is currently no indication that the exploitation code is either publicly known or utilized.
If a firmware update is not possible in a timely manner, a reduction in the devices’ network exposure is advised. Internet-accessible Bosch IP cameras should be firewalled, whilst additional steps like network isolation by VLAN, IP filtering features of the devices and other technologies should be used to decrease the exposure of vulnerable devices."
