Product: B420 Firmware Version: 02.02.0001 IP Stack Version: 1.3.2 AES Lib Version: 01.00.0000 Vendor: Bosch Security Systems Vulnerability: Improper Access Control Description: An Improper Access Control vulnerability allows an attacker to access the control panel of the B420 without requiring any sort of authorization or authentication due to the IP based authorization. If an authorized user has accessed a publicly available B420 product using valid credentials, an insider attacker can access gain access to the same panel without requiring any sort of authorization. Severity CVSS 3.1: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H [High 7.8] References: https://resources-boschsecurity-cdn.azureedge.net/public/documents/Installation_Manual_all_4674592907.pdf https://drive.google.com/drive/folders/16jvVFyp9RlHvXvq7qbOCjCs1jiAPT3i_?usp=sharing