CVE-2021-23850

HIGH | CVSS 7.2/10 | EPSS 1.47%

CVE-2021-23850 is a high-severity vulnerability rated 7.2/10 on the CVSS scale. A specially crafted TCP/IP packet may cause a camera recovery image telnet interface to crash. It may also cause a buffer overflow which could enable remote code execution. EPSS estimates a 1.47% chance of exploitation in the next 30 days.

Description

A specially crafted TCP/IP packet may cause a camera recovery image telnet interface to crash. It may also cause a buffer overflow which could enable remote code execution. The recovery image can only be booted with administrative rights or with physical access to the camera and allows the upload of a new firmware in case of a damaged firmware.

Metrics

CVSS 3.1: 7.2/10
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS Probability: 1.47% (70.4th percentile)
Probability of exploitation in the next 30 days.

Weakness Enumeration

Affected Software

Vendor | Product | Versions
Bosch | Autodome Ip 4000i Firmware | cpp7.3
Bosch | Autodome Ip 5000i Firmware | cpp7.3
Bosch | Autodome Ip Starlight 5000i Firmware | cpp7.3
Bosch | Autodome Ip Starlight 7000i Firmware | cpp7.3
Bosch | Dinion Ip 3000i Firmware | cpp7.3
Bosch | Dinion Ip Bullet 4000i Firmware | cpp7.3
Bosch | Dinion Ip Bullet 5000 Firmware | cpp7.3
Bosch | Dinion Ip Bullet 5000i Firmware | cpp7.3
Bosch | Dinion Ip Bullet 6000i Firmware | cpp7.3
Bosch | Flexidome Ip 3000i Firmware | cpp7.3
Bosch | Flexidome Ip 4000i Firmware | cpp7.3
Bosch | Flexidome Ip 5000i Firmware | cpp7.3
Bosch | Flexidome Ip Starlight 5000i Firmware | cpp7.3
Bosch | Flexidome Ip Starlight 8000i Firmware | cpp7.3
Bosch | Mic Ip Starlight 7000i Firmware | cpp7.3
Bosch | Mic Ip Starlight 7100i Firmware | cpp7.3
Bosch | Mic Ip Ultra 7100i Firmware | cpp7.3
Bosch | Mic Ip Fusion 9000i Firmware | cpp7.3
Bosch | Dinion Ip Starlight 6000 Firmware | cpp7
Bosch | Dinion Ip Starlight 7000 Firmware | cpp7
Bosch | Dinion Ip Thermal 8000 Firmware | cpp7
Bosch | Flexidome Ip Starlight 6000 Firmware | cpp7
Bosch | Flexidome Ip Starlight 7000 Firmware | cpp7
Bosch | Dinion Ip Thermal 9000 Rm Firmware | cpp7
Bosch | Aviotec Ip Starlight 8000 Firmware | cpp6
Bosch | Dinion Ip Starlight 8000 Firmware | cpp6
Bosch | Dinion Ip Ultra 8000 Firmware | cpp6
Bosch | Flexidome Ip Panoramic 6000 Firmware | cpp6
Bosch | Flexidome Ip Panoramic 7000 Firmware | cpp6
Bosch | Autodome Ip 4000 Hd Firmware | cpp4
Bosch | Autodome Ip 5000 Hd Firmware | cpp4
Bosch | Autodome Ip 5000 Ir Firmware | cpp4
Bosch | Autodome 7000 Firmware | cpp4
Bosch | Dinion Hd 1080p Firmware | cpp4
Bosch | Dinion Hd 1080p Hdr Firmware | cpp4
Bosch | Dinion Hd 720p Firmware | cpp4
Bosch | Dinion Imager 9000 Hd Firmware | cpp4
Bosch | Dinion Ip Bullet 4000 Firmware | cpp4
Bosch | Dinion Ip Bullet 5000 Firmware | cpp4
Bosch | Dinion Ip 4000 Hd Firmware | cpp4
Bosch | Dinion Ip 5000 Hd Firmware | cpp4
Bosch | Dinion Ip 5000 Mp Firmware | cpp4
Bosch | Dinion Ip Starlight 7000 Hd Firmware | cpp4
Bosch | Flexidome Corner 9000 Mp Firmware | cpp4
Bosch | Flexidome Hd 1080p Firmware | cpp4
Bosch | Flexidome Hd 1080p Hdr Firmware | cpp4
Bosch | Flexidome Hd 720p Firmware | cpp4
Bosch | Vandal-Proof Flexidome Hd 1080p Firmware | cpp4
Bosch | Vandal-Proof Flexidome Hd 1080p Hdr Firmware | cpp4
Bosch | Vandal-Proof Flexidome Hd 720p Firmware | cpp4

Showing 50 of 69 affected configurations. See NVD for the full list.

References

Timeline

Published
Last Modified
Status: Modified

Frequently Asked Questions

What is CVE-2021-23850?
A specially crafted TCP/IP packet may cause a camera recovery image telnet interface to crash. It may also cause a buffer overflow which could enable remote code execution. The recovery image can only be booted with administrative rights or with physical access to the camera and allows the upload of a new firmware in case of a damaged firmware.

How severe is CVE-2021-23850?
CVE-2021-23850 has a CVSS score of 7.2/10 (HIGH severity). The EPSS model estimates a 1.47% probability of exploitation in the next 30 days.

How do I fix CVE-2021-23850?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Source: NVD / NIST