CVE-2020-6781 MEDIUM

CVE-2020-6781: Improper Certificate Validation in Bosch Smart Home System App for iOS

Vendor Bosch

Product Smart Home

Weakness CWE-295

Published September 16, 2020

Last update September 16, 2024

View on NVD All CVEs

CVSS base score

6.8/10

Attack vector Network

Attack complexity High

Privileges required None

User interaction Required

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N

What the vulnerability does

01Description

Improper certificate validation for certain connections in the Bosch Smart Home System App for iOS prior to version 9.17.1 potentially allows to intercept video contents by performing a man-in-the-middle attack.

Key dates

02Disclosure timeline

September 16, 2020 CVE published

September 16, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2020-6781 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/295.html

Related vulnerabilities

04Related CVE

CVE-2026-32144 OCSP designated-responder authorization bypass via missing signature verification CVE-2024-52330 ECOVACS lawnmowers and vacuums do not properly validate TLS certificates CVE-2025-4575 The x509 application adds trusted use instead of rejected use CVE-2022-23649 Improper Certificate Validation in Cosign CVE-2017-13105 Hi Security Virus Cleaner - Antivirus, Booster, 3.7.1.1329, 2017-09-13, Android application accepts all SSL certificates during SSL communication