Bosch VDOO 2018 Vulnerability

By: IPVM Team, Published on Dec 20, 2018

Security research firm VDOO has discovered a critical vulnerability in Bosch IP cameras. Inside, we cover the available details of this new vulnerability, including:

  • Bosch Vulnerability Details
  • Impact of Vulnerability
  • Bosch's Response

Those interested should see our details on other vulnerabilities disclosed by VDOO, including:

And see IPVM's Cybersecurity Vulnerability Directory.


Bosch Vulnerability Details

*** ************* ** ***** 9.4/10 ** ** ****** unauthorized ****** **** ********* via * ****** ********, affecting ***** ** ******* starting **** ******** *.** but ***** **** *.**. Exact ******* ** *** vulnerability **** *** *** been ********. **** *** stated **** **** **** not ******* ** ** when **** **** ** release * ***** ** concept. *********** ************* *********** ***** *** ***** awaiting ******* ** ****** their *** *******.

Impact of Vulnerability

** ******* *** ************* network ****** ** ********. Discovering **** ************* ******** an ******** ******* ********* of ***** ********, *** exploiting *** ************* **** requires ************* ******. ***** *** currently ** ***** ********* devices.

***** ******* ****** ** updated ***** ******* ******** (*.**), ***** ******* **** vulnerability. **** ************* *** introduced ** ******** ****. Versions ***** ** *.** are *** ********.

***** ******* ***** ***********-***** authentication *** *** ******** (details ** *****'* ******** advisory), ****** **** ** much **** ******* **** simply ******** ******** *** most ***** ** *** employ ************.

Updated: Bosch Response

***** *********** * ******** ******** ********* *** ********, ********* details, *** **********. ***** has **** *************** ************ ******* **** *************, and says **** **** **** informed ***** *** ********* roles ***** *** ************* so **** *** ****** disseminate *** ***********.

***** **** ******** *** following ******:

** **** ******** ******** version ** *** ** (6.51.0028, *.**.****, *.**.****) ** our ********* *** *** forced ** ******* ** ****** ** ********, ***** ********* ** certain ***** *** **** to ** ********** *******/*********** efforts **** ***.

First ***** ** ****** *************

* ****** ************* **************** ** ***** ******** for ***** ** *******.

Bosch ****** **** ** ***********

***** **** ** *** first ********* ************* *** Bosch ** ******* *** while ** ** ******* how ********* ** ** to *******, ***** ******* are ******** **** ** high-security ************ **** *********** in *** ** *** Europe. ** ****, ***** has ** ********** **** responsibility ** ****** **** there *** ** ***************.

Comments (6)

**** (***) **** *** linked ****** ** ******** info:

Certificate ***** ************** (******)

******** **** ******* *.**.****, the “***************” ****** ** the ************* *** ** mitigated ** “*************” ** enabling ***********-***** **************, **** executing ********** ********* *****. After ** ******* *********** authentication *****, ********** ********* is ********* *** ****** operation: ******* **** **, disable ****-********, *** ******* password **************. **** ******** the ********* ** ****** a ***** ******-*********** ****** the ******* ***-*********.

***** ***********-***** ************** ***** it **** ********** *** unauthorized ******* ** ******* the ******, **** ** exposed ** *** ****** internet. ****, ****** *** Hik ***** ****** ************* where ****** **** ******* access ** *** ****** could ******* **, *** can *********** ****** *** Bosch ****** ******* ****** to ****** **** *********, VPNs, ***. ** ******, this ******** *** ****** accessing *** ****** **** support ***********-***** **************.

**** ******* ** ** an ******* *******'* ***+ ***, **** ****** **** form ** *****-****-****** ******, as **** ********* ****** overflow, *** *** ****-***** credentials ** *** ********** that ****** ********** *********** to *********.

“**** ************* *** ********** in ******** ****”.

** *** **** ****?

***** ** **** *** not *****. *** ************* was ********** ** *** firmware ** ******** ****. Even ****** *** ************* was ***** *** * couple ** ***** ** was *** ********** ***** 2018.

"********* ***** ** ******* with ******** *.** ** higher"

*** * ****** *** new ******** **** ***** this ** ****** **** 6.32?  *** ***** ******* the **** *** ** to ******* * ******.

*'** ****** **** ******** for ******* - "********* Bosch ** ******* ******** with ******** *.** *** fixed **** *.**".

****: ** ** ******* in *** **** *******:

***** ******* ****** ** updated ** *** ******* ******** (*.**), ***** ******* **** vulnerability. **** ************* *** introduced ** ******** ****.

***** ********* ** **** an ****** ** ***** response ** *** *************:

** **** ******** ******** version ** *** ** (6.51.0028, *.**.****, *.**.****) ** our ********* *** *** forced ** ******* ** a ****** ** ********, ***** ********* ** certain ***** *** **** to ** ********** *******/*********** efforts **** ***.
