Published: 18/02/2020 Updated: 27/02/2020

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 755

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

The web interface in Bosch Security Systems NBN-498 Dinion2X Day/Night IP Cameras with H.264 Firmware 4.54.0026 allows remote malicious users to conduct XML injection attacks via the idstring parameter to rcp.xml.

Vulnerable Product	Search on Vulmon	Subscribe to Product
boschsecurity nbn-498_dinion2x_day\\/night_ip_cameras_firmware 4.54.0026

# Exploit Title: Bosch Security Systems - XML Injection - Dinion NBN-498 Web Interface # Date: 01/09/2015 # Exploit Author: neom22 # Vendor Homepage: usboschsecuritycom # Data Sheet: resourceboschsecurityus/documents/Data_sheet_enUS_9007201286798987pdf # Version: Hardware Firmware 4540026 - Web Interface version is unknown ...

The Bosch Security Systems Dinion NBN-498 web interface suffers from an XML injection vulnerability ...

CWE-91 https://www.exploit-db.com/exploits/38369/https://nvd.nist.gov https://www.exploit-db.com/exploits/38369/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2015-6970

Vulnerability Summary

Vulnerability Trend

Exploits

References

Vulmon Search

About

Products

Connect