The vulnerability of the Bitdefender BOX 2 device, related to errors in processing URL addresses via the API /api/download_image, allows a perpetrator to execute arbitrary commands on the target system.

The vulnerability of the Bitdefender BOX 2 device for protecting devices and gadgets is related to errors in processing URL addresses using the API /api/downloadimage. Exploiting this vulnerability allows a hacker to execute arbitrary commands on the target system by sending the malicious file...

Bitdefender BOX 2 bootstrap update_setup command execution vulnerability

Summary An exploitable command execution vulnerability exists in the recovery partition of Bitdefender BOX 2, version 2.0.1.91. The API method /api/updatesetup does not perform firmware signature checks atomically, leading to an exploitable race condition TOCTTOU that allows arbitrary execution o...