CVE-2019-11892

A potential improper access control vulnerability exists in the JSON-RPC interface of the Bosch Smart Home Controller (SHC) before 9.8.905 that may result in reading or modification of the SHC's configuration or triggering and restoring backups. In order to exploit the vulnerability, the adversary needs to have successfully paired an app or service, which requires user interaction.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
boschCNA
8 HIGH
ADJACENT_NETWORK
LOW
NONE
CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 59%
Affected Products (NVD)
VendorProductVersion
boschsmart_home_controller_firmware
𝑥
< 9.8.905
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
boschsmart_home_controller
𝑥
< 9.8.905
CNA
Common Weakness Enumeration
References
https://psirt.bosch.com/Advisory/BOSCH-SA-662084.html
https://psirt.bosch.com/Advisory/BOSCH-SA-662084.html