Security Advisory

CVE-2024-13871

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-03-12 11:48:20

Last updated 2025-03-12 14:03:01

Assigner Bitdefender

State PUBLISHED

Description

A command injection vulnerability exists in the /check_image_and_trigger_recovery API endpoint of Bitdefender Box 1 (firmware version 1.3.11.490). This flaw allows an unauthenticated, network-adjacent attacker to execute arbitrary commands on the device, potentially leading to full remote code execution (RCE).

← Browse all CVEs View on cve.org ↗