BOS IPCs SQL Injection Vulnerability in Firmware 21.45.8.2.2_220219

Vulnerability

A SQL injection vulnerability has been identified in BOS IPCs running firmware 21.45.8.2.2_220219 (versions prior to 21.45.8.2.3_230220). It allows remote attackers to access sensitive database information by sending crafted input in the request body. The application handles user input from the request body improperly when processing it, which lets attackers manipulate SQL queries and extract data from the database.

Impact

Exploitation of this vulnerability allows for SQL injection, enabling attackers to interfere with database queries. This could lead to unauthorized data access, modification of application data, disruption of application logic, privilege escalation within the database, or control over the database server.

Remediation

Users are advised to update the firmware of the affected cameras to version 21.45.8.2.3_230220.
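
A fleet check for the remediation above, as an added example that is not part of the original advisory or any vendor tooling: it compares firmware strings against the fixed release 21.45.8.2.3_230220. It assumes the digits after the underscore are a build stamp and that every release ordered before the fixed one should be updated; the inventory and hostnames are constructed.

```python
import re

# Fixed release named in the advisory; hostnames and other versions are constructed.
FIXED = "21.45.8.2.3_230220"
_PATTERN = re.compile(r"^(\d+(?:\.\d+)*)_(\d+)$")

def parse_firmware(version):
    """Return ((dotted ints), build) or None if the string has another shape.

    Assumption: the digits after "_" are a build stamp used only as a tie-breaker.
    """
    match = _PATTERN.match(version.strip())
    if match is None:
        return None
    dotted = tuple(int(part) for part in match.group(1).split("."))
    return dotted, int(match.group(2))

def needs_update(version, fixed=FIXED):
    """True if older than the fixed release, False if not, None if unparseable.

    Assumption: every release ordered before the fixed one should be updated.
    """
    current, target = parse_firmware(version), parse_firmware(fixed)
    if current is None or target is None:
        return None
    # Pad dotted parts to equal length so "21.45" and "21.45.0" compare equal.
    width = max(len(current[0]), len(target[0]))
    def pad(key):
        return key[0] + (0,) * (width - len(key[0])), key[1]
    return pad(current) < pad(target)

def triage(inventory):
    """Group device names under 'update', 'ok' or 'review' (unparseable)."""
    report = {"update": [], "ok": [], "review": []}
    for name, version in inventory.items():
        status = needs_update(version)
        bucket = "review" if status is None else ("update" if status else "ok")
        report[bucket].append(name)
    return report

# Constructed inventory for illustration.
SAMPLE_INVENTORY = {
    "cam-lobby": "21.45.8.2.2_220219",   # affected release from the advisory
    "cam-dock": "21.45.8.2.3_230220",    # fixed release from the advisory
    "cam-gate": "21.45.8.10.0_240101",   # made up; 10 > 2 numerically
    "cam-roof": "unknown",               # unparseable, needs manual review
}

if __name__ == "__main__":
    print(triage(SAMPLE_INVENTORY))
```

Version parts are compared as integers, so a string comparison mistake such as ranking "8.10" below "8.2" cannot mark a newer device as outdated.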

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 5.2
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.