Security Advisory

CVE-2024-13870

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-03-12 11:48:35

Last updated 2025-03-12 14:01:55

Assigner Bitdefender

State PUBLISHED

Description

An improper access control vulnerability exists in Bitdefender Box 1 (firmware version 1.3.52.928 and below) that allows an unauthenticated attacker to downgrade the devices firmware to an older, potentially vulnerable version of a Bitdefender-signed firmware. The attack requires Bitdefender BOX to be booted in Recovery Mode and that the attacker be present within the WiFi range of the BOX unit.

← Browse all CVEs View on cve.org ↗