WiFi Firmware Vulnerability Allows Attacker Access to Devices via Same WiFi Network
CVE-2023-49722

8.3HIGH

Key Information:

Vendor: Bosch
Status: Bcc101; Bcc102; Bcc50
Vendor: CVE Published:; 9 January 2024

Badges

📰 News Worthy

What is CVE-2023-49722?

A network port (8899) is exposed in the WiFi firmware of Bosch BCC101, BCC102, and BCC50 products. This vulnerability allows an attacker on the same WiFi network to connect to these devices, potentially compromising the security of the network and the devices themselves. It is crucial for users of these products to implement security measures and monitor network activity to mitigate risks.

Affected Version(s)

BCC101 4.13.20

BCC102 4.13.20

BCC50 4.13.20

News Articles

Dark Reading

CVE-2023-49722

Bosch Smart Thermostat Feels the Heat From Firmware Bug

The vulnerability in a popular hospitality industry gadget allows attackers to take over the device, pivot into the user's network, or brick the device entirely, rendering HVAC unusable.

References

https://psirt.bosch.com/security-advisories/BOSCH-SA-4738...

vendor-advisory

CVSS V3.1

Score:

8.3

Severity:

HIGH

Confidentiality:

Low

Integrity:

High

Availability:

Low

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

📰
First article discovered by Dark Reading
Jan 16, 2024
Vulnerability published
Jan 9, 2024
Vulnerability Reserved
Nov 30, 2023

CVE-2023-49722 Data

JSON