How severe is CVE-2020-6769?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 9.1 out of 10.

What type of vulnerability is CVE-2020-6769?

This is classified as CWE-306, which is a common weakness in software security.

CVE-2020-6769

CRITICAL Year: 2020

CVSS v3 Score

9.1

Critical

CVSS v2 Score

6.4

Medium

Weakness Type

CWE-306

View all →

Vulnerability Description

Missing Authentication for Critical Function in the Bosch Video Streaming Gateway (VSG) allows an unauthenticated remote attacker to retrieve and set arbitrary configuration data of the Video Streaming Gateway. A successful attack can impact the confidentiality and availability of live and recorded video data of all cameras configured to be controlled by the VSG as well as the recording storage associated with the VSG. This affects Bosch Video Streaming Gateway versions 6.45 <= 6.45.08, 6.44 <= 6.44.022, 6.43 <= 6.43.0023 and 6.42.10 and older. This affects Bosch DIVAR IP 3000, DIVAR IP 7000 and DIVAR IP all-in-one 5000 if a vulnerable VSG version is installed with BVMS. This affects Bosch DIVAR IP 2000 <= 3.62.0019 and DIVAR IP 5000 <= 3.80.0039 if the corresponding port 8023 has been opened in the device's firewall.

CVE-2018-19248

CRITICAL

CVSS:9.1(Critical)

The web service on Epson WorkForce WF-2861 10.48 LQ22I3(Recovery-mode), WF-2861 10.51.LQ20I6, and WF-2861 10.52.LQ17IA devices allows remote attackers to upload a firmware file and reset the printer w...

CWE-3062018

CVE-2019-10668

CRITICAL

CVSS:9.1(Critical)

An issue was discovered in LibreNMS through 1.47. A number of scripts import the Authentication libraries, but do not enforce an actual authentication check. Several of these scripts disclose informat...

CWE-3062019

CVE-2019-11496

CRITICAL

CVSS:9.1(Critical)

In versions of Couchbase Server prior to 5.0, the bucket named "default" was a special bucket that allowed read and write access without authentication. As part of 5.0, the behavior of all buckets inc...

CWE-3062019

CVE-2019-17512

CRITICAL

CVSS:9.1(Critical)

There are some web interfaces without authentication requirements on D-Link DIR-412 A1-1.14WW routers. An attacker can clear the router's log file via act=clear&logtype=sysact to log_clear.php, which ...

CWE-3062019

CVE-2019-4244

CRITICAL

CVSS:9.1(Critical)

IBM SmartCloud Analytics 1.3.1 through 1.3.5 could allow a remote attacker to gain unauthorized information and unrestricted control over Zookeeper installations due to missing authentication. IBM X-F...

CWE-3062019

CVE-2019-5077

CRITICAL

CVSS:9.1(Critical)

An exploitable denial-of-service vulnerability exists in the iocheckd service ‘’I/O-Chec’’ functionality of WAGO PFC 200 Firmware versions 03.01.07(13) and 03.00.39(12), and WAGO PFC 100 Firmware vers...

CWE-3062019

CVE-2020-6769

Vulnerability Description

Related Vulnerabilities

CVE-2018-19248

CVE-2019-10668

CVE-2019-11496

CVE-2019-17512

CVE-2019-4244

CVE-2019-5077