Box Firmware Security Vulnerabilities and Issues — Box Firmware CVE List

Lucene search

BitdefenderBox Firmware

3 matches found

CVE•added 2025/03/12 12:15 p.m.•79 views

CVE-2024-13871

A command injection vulnerability exists in the /check_image_and_trigger_recovery API endpoint of Bitdefender Box 1 (firmware version 1.3.11.490). This flaw allows an unauthenticated, network-adjacent attacker to execute arbitrary commands on the device, potentially leading to full remote code exec...

9.4CVSS8.7AI score0.00259EPSS

CVE•added 2025/03/12 12:15 p.m.•66 views

CVE-2024-13872

Bitdefender Box, versions 1.3.11.490 through 1.3.11.505, uses the insecure HTTP protocol to download assets over the Internet to update and restart daemons and detection rules on the devices. Updates can be remotely triggered through the /set_temp_token API method. Then, an unauthenticated and netw...

9.4CVSS7.6AI score0.00036EPSS

CVE•added 2025/03/12 12:15 p.m.•35 views

CVE-2024-13870

An improper access control vulnerability exists in Bitdefender Box 1 (firmware version 1.3.52.928 and below) that allows an unauthenticated attacker to downgrade the device's firmware to an older, potentially vulnerable version of a Bitdefender-signed firmware. The attack requires Bitdefender BOX t...

5.7CVSS6.6AI score0.00031EPSS