CVE-2020-6785— Uncontrolled Search Path Element in Bosch BVMS and BVMS Viewer
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2020-6785
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Uncontrolled Search Path Element in Bosch BVMS and BVMS Viewer
Source: NVD (National Vulnerability Database)
Vulnerability Description
Loading a DLL through an Uncontrolled Search Path Element in Bosch BVMS and BVMS Viewer in versions 10.1.0, 10.0.1, 10.0.0 and 9.0.0 and older potentially allows an attacker to execute arbitrary code on a victim's system. This affects both the installer as well as the installed application. This also affects Bosch DIVAR IP 7000 R2, Bosch DIVAR IP all-in-one 5000 and Bosch DIVAR IP all-in-one 7000 with installers and installed BVMS versions prior to BVMS 10.1.1.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
对搜索路径元素未加控制
Source: NVD (National Vulnerability Database)
Vulnerability Title
Bosch BVMS 代码问题漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Bosch BVMS是德国Bosch公司的一个应用系统。用于视频管理。 Bosch BVMS and BVMS Viewer in versions 10.1.0, 10.0.1, 10.0.0 and 9.0.0 and older 存在代码问题漏洞,该漏洞允许攻击者在受害者的系统上执行任意代码。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Bosch | BVMS | unspecified ~ 9.0.0 | - | |
| Bosch | BVMS Viewer | unspecified ~ 9.0.0 | - | |
| Bosch | DIVAR IP 7000 R2 | all | - | |
| Bosch | DIVAR IP all-in-one 5000 | all | - | |
| Bosch | DIVAR IP all-in-one 7000 | all | - |
II. Public POCs for CVE-2020-6785
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2020-6785
请登录查看更多情报信息。
- https://psirt.bosch.com/security-advisories/bosch-sa-835563-bt.htmlx_refsource_CONFIRM
- https://nvd.nist.gov/vuln/detail/CVE-2020-6785
Same Patch Batch · Bosch · 2021-03-25 · 7 CVEs total
| CVE-2020-6771 | 7.8 HIGH | Uncontrolled Search Path Element in Bosch IP Helper |
| CVE-2020-6786 | 7.8 HIGH | Uncontrolled Search Path Element in Bosch Video Recording Manager Installer |
| CVE-2020-6787 | 7.8 HIGH | Uncontrolled Search Path Element in Bosch Video Client installer |
| CVE-2020-6788 | 7.8 HIGH | Uncontrolled Search Path Element in Bosch Configuration Manager Installer |
| CVE-2020-6789 | 7.8 HIGH | Uncontrolled Search Path Element in Bosch Monitor Wall Installer |
| CVE-2020-6790 | 7.8 HIGH | Uncontrolled Search Path Element in Bosch Video Streaming Gateway Installer |
IV. Related Vulnerabilities
Same vendor: Bosch
- CVE-2024-33618
Bosch VMS Central Server 安全漏洞 - CVE-2025-32063
Enabling SSH server on Infotainment ECU - CVE-2025-32062
Stack Buffer Overflow leading to RCE in Bluetooth stack of I - CVE-2025-32061
Stack Buffer Overflow leading to RCE in Bluetooth stack of I - CVE-2025-32060
Absence of Kernel Module Signature Verification on Linux Sys
Same weakness: CWE-427
- CVE-2025-14575
Uncontrolled Search Path Element in Qt Network OpenSSL TLS b - CVE-2026-32323
Mullvad VPN for macOS: Local Privilege Escalation via unveri - CVE-2026-47092
Claude HUD 0.0.12 Arbitrary Command Execution via COMSPEC En - CVE-2025-62628
AMD AIM-T Manageability Service 代码问题漏洞 - CVE-2024-47091
Privilege escalation via mk_mysql agent plugin on Windows
V. Comments for CVE-2020-6785
No comments yet