CVE-2019-17095
CVE-2019-17095/17096 affect Bitdefender BOX 2 in bootstrap mode. The vulnerability stems from the bootstrap download_image path, where the device retrieves a firmware URL from nimbus.bitdefender.net via a JSON-RPC response and then shells out to curl/os.execute without validating the URL. This al...