Remote Code Execution Vulnerability in Bosch BVMS Mobile Video Service (BVMS MVS)

Remote Code Execution Vulnerability in Bosch BVMS Mobile Video Service (BVMS MVS)

CVE-2020-6770 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Deserialization of Untrusted Data in the BVMS Mobile Video Service (BVMS MVS) allows an unauthenticated remote attacker to execute arbitrary code on the system. This affects Bosch BVMS versions 10.0 <= 10.0.0.1225, 9.0 <= 9.0.0.827, 8.0 <= 8.0.0.329 and 7.5 and older. This affects Bosch DIVAR IP 3000 and DIVAR IP 7000 if a vulnerable BVMS version is installed.

Learn more about our Mobile App Penetration Testing.