54 matches found
EUVD-2019-4206
Malware in sbrugna...
EUVD-2019-7568
Malware in sbrugna...
EUVD-2019-7563
Malware in sbrugna...
EUVD-2019-7562
Malware in sbrugna...
EUVD-2019-4205
Malware in sbrugna...
EUVD-2024-54187
Malicious code in bioql PyPI...
EUVD-2024-54188
Malicious code in bioql PyPI...
EUVD-2024-54189
Malicious code in bioql PyPI...
CVE-2019-12612
An issue was discovered in Bitdefender BOX firmware versions before 2.1.37.37-34 that allows an attacker to pass arbitrary code to the BOX appliance via the web API. In order to exploit this vulnerability, an attacker needs presence in Bitdefender BOX setup network and Bitdefender BOX be in setup...
CVE-2024-13870
An improper access control vulnerability exists in Bitdefender Box 1 firmware version 1.3.52.928 and below that allows an unauthenticated attacker to downgrade the device's firmware to an older, potentially vulnerable version of a Bitdefender-signed firmware. The attack requires Bitdefender BOX t...
CVE-2024-13872
Bitdefender Box, versions 1.3.11.490 through 1.3.11.505, uses the insecure HTTP protocol to download assets over the Internet to update and restart daemons and detection rules on the devices. Updates can be remotely triggered through the /settemptoken API method. Then, an unauthenticated and...
CVE-2024-13871
A command injection vulnerability exists in the /checkimageandtriggerrecovery API endpoint of Bitdefender Box 1 firmware version 1.3.11.490. This flaw allows an unauthenticated, network-adjacent attacker to execute arbitrary commands on the device, potentially leading to full remote code executio...
CVE-2024-13870
Bitdefender Box 1 devices with firmware 1.3.52.928 or earlier are affected by an improper access control vulnerability that permits an unauthenticated attacker in Wi‑Fi range to downgrade firmware to an older, potentially vulnerable Bitdefender‑signed version when the device is in Recovery Mode. ...
CVE-2024-13870 Unauthenticated Firmware Downgrade in Bitdefender Box v1
An improper access control vulnerability exists in Bitdefender Box 1 firmware version 1.3.52.928 and below that allows an unauthenticated attacker to downgrade the device's firmware to an older, potentially vulnerable version of a Bitdefender-signed firmware. The attack requires Bitdefender BOX t...