Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
bitdefender box firmware vulnerabilities and exploits
(subscribe to this query)
10
CVSSv2
CVE-2019-17095
A command injection vulnerability has been discovered in the bootstrap stage of Bitdefender BOX 2, versions 2.1.47.42 and 2.1.53.45. The API method `/api/download_image` unsafely handles the production firmware URL supplied by remote servers, leading to arbitrary execution of sys...
Bitdefender Box 2 Firmware 2.1.47.42
Bitdefender Box 2 Firmware 2.1.53.45
7.2
CVSSv2
CVE-2019-12612
An issue exists in Bitdefender BOX firmware versions prior to 2.1.37.37-34 that allows an malicious user to pass arbitrary code to the BOX appliance via the web API. In order to exploit this vulnerability, an attacker needs presence in Bitdefender BOX setup network and Bitdefende...
Bitdefender Box Firmware
9.3
CVSSv2
CVE-2019-17102
An exploitable command execution vulnerability exists in the recovery partition of Bitdefender BOX 2, version 2.0.1.91. The API method `/api/update_setup` does not perform firmware signature checks atomically, leading to an exploitable race condition (TOCTTOU) that allows arbitra...
Bitdefender Box 2 Firmware
4.9
CVSSv2
CVE-2019-12611
An issue exists in Bitdefender BOX firmware versions prior to 2.1.37.37-34 that affects the general reliability of the product. Specially crafted packets sent to the miniupnpd implementation in result in the device allocating memory without freeing it later. This behavior can cau...
Bitdefender Box Firmware
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
validation
CVE-2012-1823
malicious code
CVE-2024-5770
CVE-2023-45866
CVE-2024-35687
local users
CVE-2024-31246
CVE-2024-35730
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started