2 matches found
CVE-2019-17096
CVE-2019-17096 is a Bitdefender BOX 2 bootstrap command-injection vulnerability. In the bootstrap flow, the device fetches firmware/image data via /api/download_image, which uses get_image_url() to obtain a URL from the Nimbus server and then executes a curl command to download the image. The cod...
CVE-2019-17096
A OS Command Injection vulnerability in the bootstrap stage of Bitdefender BOX 2 allows the manipulation of the getimageurl function in special circumstances to inject a system command...