WiFi Firmware Vulnerability Allows Attacker Access to Devices via Same WiFi Network
CVE-2023-49722

8.3HIGH

Key Information:

Vendor: Bosch
Status: Bcc101; Bcc102; Bcc50
Vendor: CVE Published:; 9 January 2024

Badges

📰 News Worthy

What is CVE-2023-49722?

A network port (8899) is exposed in the WiFi firmware of Bosch BCC101, BCC102, and BCC50 products. This vulnerability allows an attacker on the same WiFi network to connect to these devices, potentially compromising the security of the network and the devices themselves. It is crucial for users of these products to implement security measures and monitor network activity to mitigate risks.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

BCC101 4.13.20

BCC102 4.13.20

BCC50 4.13.20

News Articles

Dark Reading

CVE-2023-49722

Bosch Smart Thermostat Feels the Heat From Firmware Bug

The vulnerability in a popular hospitality industry gadget allows attackers to take over the device, pivot into the user's network, or brick the device entirely, rendering HVAC unusable.

References

https://psirt.bosch.com/security-advisories/BOSCH-SA-4738...

vendor-advisory

CVSS V3.1

Score:

8.3

Severity:

HIGH

Confidentiality:

Low

Integrity:

High

Availability:

Low

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

📰
First article discovered by Dark Reading
Jan 16, 2024
Vulnerability published
Jan 9, 2024
Vulnerability Reserved
Nov 30, 2023

JSON

Bosch