3 matches found
CVE-2024-13871
A command injection vulnerability exists in the /checkimageandtriggerrecovery API endpoint of Bitdefender Box 1 firmware version 1.3.11.490. This flaw allows an unauthenticated, network-adjacent attacker to execute arbitrary commands on the device, potentially leading to full remote code executio...
CVE-2024-13872
Bitdefender Box, versions 1.3.11.490 through 1.3.11.505, uses the insecure HTTP protocol to download assets over the Internet to update and restart daemons and detection rules on the devices. Updates can be remotely triggered through the /settemptoken API method. Then, an unauthenticated and...
Bitdefender BOX Security Vulnerability
Bitdefender BOX is a smart home security control device from Bitdefender, Romania. A security vulnerability exists in Bitdefender BOX versions 1.3.11.490 through 1.3.11.505. It stems from the use of the insecure HTTP protocol to download assets, which could lead to man-in-the-middle attacks and...