BF-OS version 3.x up to and including 3.83 do not enforce strong passwords which may allow a remote malicious user to brute-force the device password.
bosch bf-os