CVE-2024-13870

Low CVSS: 1.8

An improper access control vulnerability exists in Bitdefender Box 1 (firmware version 1.3.52.928 and below) that allows an unauthenticated attacker to downgrade the device's firmware to an older, potentially vulnerable version of a Bitdefender-signed firmware. The attack requires Bitdefender BOX to be booted in Recovery Mode and that the attacker be present within the WiFi range of the BOX unit.

Vendor

Bitdefender

Product

Box Firmware

CWE

CWE-1328

Yayın Tarihi

2025-03-12 12:15:12

Güncelleme

2025-07-30 00:52:04

Source Identifier

cve-requests@bitdefender.com

KEV Date Added

Kategoriler

CWE-1328 Box Firmware LOW Bitdefender 2025

Referanslar

https://bitdefender.com/support/security-advisories/unauthenticated-firmware-downgrade-in-bitdefender-box-v1

Benzer Kayıtlar

High

CVE-2025-7073

A local privilege escalation vulnerability in Bitdefender Total Security versions prior to 27.0.47.241 allows low-privil…

Medium

CVE-2025-5317

An improper access restriction to a folder in Bitdefender Endpoint Security Tools for Mac (BEST) before 7.20.52.200087 a…

Medium

CVE-2025-2243

A server-side request forgery (SSRF) vulnerability in Bitdefender GravityZone Console allows an attacker to bypass input…

Critical

CVE-2025-2244

A vulnerability in the sendMailFromRemoteSource method in Emails.php as used in Bitdefender GravityZone Console unsafel…

Medium

CVE-2025-2245

A server-side request forgery (SSRF) vulnerability exists in the Bitdefender GravityZone Update Server when operating in…

Critical

CVE-2024-13871

A command injection vulnerability exists in the /check_image_and_trigger_recovery API endpoint of Bitdefender Box 1 (fir…