CVE-2024-13872

Critical CVSS: 9.4

Bitdefender Box, versions 1.3.11.490 through 1.3.11.505, uses the insecure HTTP protocol to download assets over the Internet to update and restart daemons and detection rules on the devices. Updates can be remotely triggered through the /set_temp_token API method. Then, an unauthenticated and network-adjacent attacker can use man-in-the-middle (MITM) techniques to return malicious responses. Restarted daemons that use malicious assets can then be exploited for remote code execution on the device.

Vendor

Bitdefender

Product

Box Firmware

CWE

CWE-319

Yayın Tarihi

2025-03-12 12:15:14

Güncelleme

2025-07-30 00:39:58

Source Identifier

cve-requests@bitdefender.com

KEV Date Added

Kategoriler

CWE-319 Box Firmware CRITICAL Bitdefender 2025

Referanslar

https://bitdefender.com/support/security-advisories/insecure-update-mechanism-vulnerability-in-libboxhermes-so-in-bitdefender-box-v1

Benzer Kayıtlar

High

CVE-2025-7073

A local privilege escalation vulnerability in Bitdefender Total Security versions prior to 27.0.47.241 allows low-privil…

Medium

CVE-2025-5317

An improper access restriction to a folder in Bitdefender Endpoint Security Tools for Mac (BEST) before 7.20.52.200087 a…

Medium

CVE-2025-2243

A server-side request forgery (SSRF) vulnerability in Bitdefender GravityZone Console allows an attacker to bypass input…

Critical

CVE-2025-2244

A vulnerability in the sendMailFromRemoteSource method in Emails.php as used in Bitdefender GravityZone Console unsafel…

Medium

CVE-2025-2245

A server-side request forgery (SSRF) vulnerability exists in the Bitdefender GravityZone Update Server when operating in…

Critical

CVE-2024-13871

A command injection vulnerability exists in the /check_image_and_trigger_recovery API endpoint of Bitdefender Box 1 (fir…