CVE-2021-23862: Authenticated Remote Code Execution

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2021-23862

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

Authenticated Remote Code Execution

Source: NVD (National Vulnerability Database)

Vulnerability Description

A crafted configuration packet sent by an authenticated administrative user can be used to execute arbitrary commands in system context. This issue also affects installations of the VRM, DIVAR IP, BVMS with VRM installed, the VIDEOJET decoder (VJD-7513 and VJD-8000).

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Source: NVD (National Vulnerability Database)

Vulnerability Type

输入验证不恰当

Source: NVD (National Vulnerability Database)

Vulnerability Title

多款Bosch产品操作系统命令注入漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Bosch Access Professional Edition等都是德国博世（Bosch）公司的产品。Bosch Access Professional Edition是一套企业访问控制和安防管理解决方案。Bosch VRM是一个应用软件。Bosch BVMS是一个应用系统。 Bosch 多款产品存在操作系统命令注入漏洞，攻击者可利用此漏洞通过发送精心编制的配置数据包在系统上下文中执行任意命令。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE
Bosch	BVMS	unspecified ~ 9.0.0	-
Bosch	DIVAR IP 7000 R2	all	-
Bosch	DIVAR IP all-in-one 5000	all	-
Bosch	DIVAR IP all-in-one 7000	all	-
Bosch	VRM	unspecified ~ 3.81	-
Bosch	VJD-8000	unspecified ~ 10.01.0036	-
Bosch	VJD-7513	unspecified ~ 10.22.0038	-

II. Public POCs for CVE-2021-23862

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2021-23862

Please Login to view more intelligence information

IV. Related Vulnerabilities

Same product: BVMS

Same vendor: Bosch

Same weakness: CWE-20

V. Comments for CVE-2021-23862

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

I. Basic Information for CVE-2021-23862

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2021-23862

III. Intelligence Information for CVE-2021-23862

IV. Related Vulnerabilities

V. Comments for CVE-2021-23862

Leave a comment