Lucene search
K

57 matches found

Vulnrichment
Vulnrichment
added 2025/03/12 11:48 a.m.5 views

CVE-2024-13870 Unauthenticated Firmware Downgrade in Bitdefender Box v1

An improper access control vulnerability exists in Bitdefender Box 1 firmware version 1.3.52.928 and below that allows an unauthenticated attacker to downgrade the device's firmware to an older, potentially vulnerable version of a Bitdefender-signed firmware. The attack requires Bitdefender BOX t...

1.8CVSS6.6AI score0.00162EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/03/12 11:48 a.m.17 views

CVE-2024-13870 Unauthenticated Firmware Downgrade in Bitdefender Box v1

An improper access control vulnerability exists in Bitdefender Box 1 firmware version 1.3.52.928 and below that allows an unauthenticated attacker to downgrade the device's firmware to an older, potentially vulnerable version of a Bitdefender-signed firmware. The attack requires Bitdefender BOX t...

1.8CVSS0.00162EPSS
Exploits0References1
CVE
CVE
added 2025/03/12 11:48 a.m.51 views

CVE-2024-13870

Bitdefender Box 1 devices with firmware 1.3.52.928 or earlier are affected by an improper access control vulnerability that permits an unauthenticated attacker in Wi‑Fi range to downgrade firmware to an older, potentially vulnerable Bitdefender‑signed version when the device is in Recovery Mode. ...

5.7CVSS6.6AI score0.00162EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2025/03/12 11:48 a.m.10 views

CVE-2024-13871 Unauthenticated Command Injection in Bitdefender BOX v1

A command injection vulnerability exists in the /checkimageandtriggerrecovery API endpoint of Bitdefender Box 1 firmware version 1.3.11.490. This flaw allows an unauthenticated, network-adjacent attacker to execute arbitrary commands on the device, potentially leading to full remote code executio...

9.4CVSS8.3AI score0.0075EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/03/12 11:48 a.m.21 views

CVE-2024-13871 Unauthenticated Command Injection in Bitdefender BOX v1

A command injection vulnerability exists in the /checkimageandtriggerrecovery API endpoint of Bitdefender Box 1 firmware version 1.3.11.490. This flaw allows an unauthenticated, network-adjacent attacker to execute arbitrary commands on the device, potentially leading to full remote code executio...

9.4CVSS0.0075EPSS
Exploits0References1
CVE
CVE
added 2025/03/12 11:48 a.m.98 views

CVE-2024-13871

CVE-2024-13871 affects Bitdefender Box 1 with firmware 1.3.11.490. The vulnerability is a command injection in the "/check_image_and_trigger_recovery" API endpoint that allows an unauthenticated, network-adjacent attacker to execute arbitrary commands, potentially enabling full remote code execut...

9.4CVSS8.7AI score0.0075EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2025/03/12 11:47 a.m.19 views

CVE-2024-13872 Bitdefender Box Insecure Update Mechanism Vulnerability in libboxhermes.so

Bitdefender Box, versions 1.3.11.490 through 1.3.11.505, uses the insecure HTTP protocol to download assets over the Internet to update and restart daemons and detection rules on the devices. Updates can be remotely triggered through the /settemptoken API method. Then, an unauthenticated and...

9.4CVSS0.00227EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/03/12 11:47 a.m.8 views

CVE-2024-13872 Bitdefender Box Insecure Update Mechanism Vulnerability in libboxhermes.so

Bitdefender Box, versions 1.3.11.490 through 1.3.11.505, uses the insecure HTTP protocol to download assets over the Internet to update and restart daemons and detection rules on the devices. Updates can be remotely triggered through the /settemptoken API method. Then, an unauthenticated and...

9.4CVSS7.6AI score0.00227EPSS
Exploits0References1
CVE
CVE
added 2025/03/12 11:47 a.m.82 views

CVE-2024-13872

Bitdefender Box is affected in versions 1.3.11.490–1.3.11.505. The issue arises from downloading assets over HTTP for updates via the /set_temp_token API, enabling an unauthenticated, network-adjacent attacker to perform MITM and return malicious assets. Restarted daemons using those assets can l...

9.4CVSS7.6AI score0.00227EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2025/03/12 12:0 a.m.5 views

PT-2025-11032 · Bitdefender · Bitdefender Box

Name of the Vulnerable Software and Affected Versions: Bitdefender Box 1 version 1.3.11.490 Description: A command injection vulnerability exists in the "/check image and trigger recovery" API endpoint, allowing an unauthenticated, network-adjacent attacker to execute arbitrary commands on the...

9.4CVSS9.9AI score0.0075EPSS
Exploits0References14
CNNVD
CNNVD
added 2025/03/12 12:0 a.m.4 views

Bitdefender Box 命令注入漏洞

Bitdefender BOX is a smart home security control device from Bitdefender, Romania. A command injection vulnerability exists in Bitdefender Box version 1.3.11.490, which stems from the presence of a command injection in the checkimageandtriggerrecovery API endpoint, which could lead to remote code...

9.4CVSS9.8AI score0.0075EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/03/12 12:0 a.m.3 views

Bitdefender Box 安全漏洞

Bitdefender BOX is a smart home security control device from Bitdefender, Romania. A security vulnerability exists in Bitdefender Box version 1.3.52.928 and earlier, which stems from improper access control and could allow an unauthenticated attacker to downgrade the device firmware...

5.7CVSS6.7AI score0.00162EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/03/12 12:0 a.m.5 views

Bitdefender BOX 安全漏洞

Bitdefender BOX is a smart home security control device from Bitdefender, Romania. A security vulnerability exists in Bitdefender BOX versions 1.3.11.490 through 1.3.11.505, which stems from the use of an insecure HTTP protocol to download assets, which could lead to man-in-the-middle attacks and...

9.4CVSS9.5AI score0.00227EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/03/12 12:0 a.m.25 views

PT-2025-11031 · Bitdefender · Bitdefender Box

Name of the Vulnerable Software and Affected Versions: Bitdefender Box 1 versions 1.3.52.928 and below Description: An improper access control issue exists that allows an unauthenticated attacker to downgrade the device's firmware to an older, potentially vulnerable version of a Bitdefender-signe...

5.7CVSS6.5AI score0.00162EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2025/03/12 12:0 a.m.6 views

PT-2025-11033 · Bitdefender · Bitdefender Box

Name of the Vulnerable Software and Affected Versions: Bitdefender Box versions 1.3.11.490 through 1.3.11.505 Description: The issue concerns the use of the insecure HTTP protocol to download assets over the Internet for updating and restarting daemons and detection rules on devices. Updates can ...

9.4CVSS9.6AI score0.00227EPSS
Exploits0References14
BDU FSTEC
BDU FSTEC
added 2020/02/11 12:0 a.m.7 views

The vulnerability of the Bitdefender BOX 2 device, related to errors in processing URL addresses via the API /api/download_image, allows a perpetrator to execute arbitrary commands on the target system.

The vulnerability of the Bitdefender BOX 2 device for protecting devices and gadgets is related to errors in processing URL addresses using the API /api/downloadimage. Exploiting this vulnerability allows a hacker to execute arbitrary commands on the target system by sending the malicious file...

8.1CVSS8.1AI score0.04234EPSS
Exploits1References4Affected Software1
CNVD
CNVD
added 2020/02/11 12:0 a.m.2 views

Bitdefender BOX 2 Operating System Command Injection Vulnerability

Bitdefender BOX is a smart home security control device from the Romanian company Bitdefender. An operating system command injection vulnerability exists in Bitdefender BOX 2. The vulnerability arises from the failure of a network system or product to properly filter special characters, commands,...

9.8CVSS8AI score0.02074EPSS
Exploits0References1
CVE
CVE
added 2020/01/28 1:39 p.m.54 views

CVE-2019-17096

CVE-2019-17096 is a Bitdefender BOX 2 bootstrap command-injection vulnerability. In the bootstrap flow, the device fetches firmware/image data via /api/download_image, which uses get_image_url() to obtain a URL from the Nimbus server and then executes a curl command to download the image. The cod...

9.8CVSS9.5AI score0.02074EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2020/01/27 6:15 p.m.27 views

CVE-2019-17095

A command injection vulnerability has been discovered in the bootstrap stage of Bitdefender BOX 2, versions 2.1.47.42 and 2.1.53.45. The API method /api/downloadimage unsafely handles the production firmware URL supplied by remote servers, leading to arbitrary execution of system commands. In ord...

10CVSS8.8AI score0.04234EPSS
Exploits1References3
OSV
OSV
added 2020/01/27 6:15 p.m.5 views

CVE-2019-17095

A command injection vulnerability has been discovered in the bootstrap stage of Bitdefender BOX 2, versions 2.1.47.42 and 2.1.53.45. The API method /api/downloadimage unsafely handles the production firmware URL supplied by remote servers, leading to arbitrary execution of system commands. In ord...

9.8CVSS7.4AI score0.04234EPSS
Exploits1References3
Rows per page
Query Builder