Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
bitdefender box firmware vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2019-17095
A command injection vulnerability has been discovered in the bootstrap stage of Bitdefender BOX 2, versions 2.1.47.42 and 2.1.53.45. The API method `/api/download_image` unsafely handles the production firmware URL supplied by remote servers, leading to arbitrary execution of sys...
Bitdefender Box 2 Firmware 2.1.47.42
Bitdefender Box 2 Firmware 2.1.53.45
8.1
CVSSv3
CVE-2019-17102
An exploitable command execution vulnerability exists in the recovery partition of Bitdefender BOX 2, version 2.0.1.91. The API method `/api/update_setup` does not perform firmware signature checks atomically, leading to an exploitable race condition (TOCTTOU) that allows arbitra...
Bitdefender Box 2 Firmware
7.8
CVSSv3
CVE-2019-12612
An issue exists in Bitdefender BOX firmware versions prior to 2.1.37.37-34 that allows an malicious user to pass arbitrary code to the BOX appliance via the web API. In order to exploit this vulnerability, an attacker needs presence in Bitdefender BOX setup network and Bitdefende...
Bitdefender Box Firmware
4.4
CVSSv3
CVE-2019-12611
An issue exists in Bitdefender BOX firmware versions prior to 2.1.37.37-34 that affects the general reliability of the product. Specially crafted packets sent to the miniupnpd implementation in result in the device allocating memory without freeing it later. This behavior can cau...
Bitdefender Box Firmware
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started