Vulnerability Details : CVE-2015-6970
Potential exploit
The web interface in Bosch Security Systems NBN-498 Dinion2X Day/Night IP Cameras with H.264 Firmware 4.54.0026 allows remote attackers to conduct XML injection attacks via the idstring parameter to rcp.xml.
Products affected by CVE-2015-6970
- cpe:2.3:o:boschsecurity:nbn-498_dinion2x_day\/night_ip_cameras_firmware:4.54.0026:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2015-6970
8.98%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 92 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2015-6970
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST | |
|
9.8
|
CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
NIST |
CWE ids for CVE-2015-6970
-
The product does not properly neutralize special elements that are used in XML, allowing attackers to modify the syntax, content, or commands of the XML before it is processed by an end system.Assigned by: nvd@nist.gov (Primary)
References for CVE-2015-6970
-
https://www.exploit-db.com/exploits/38369/
Bosch Security Systems Dinion NBN-498 - Web Interface XML Injection - Hardware webapps ExploitExploit;Third Party Advisory;VDB Entry
Jump to