CVE-2024-13870

216.73.216.233

· Published 12/03/2025 12:15 · Modified 12/03/2025 12:15

Labels: CVE-2024-13870 2025-03-12 CVE-2024-13870 CWE-1328 [email protected]

Essential information

Published: 12/03/2025 12:15
Modified: 12/03/2025 12:15
Author: —
Creator: —
CISA KEV: No
CWE: —
CVSS vector

Description

An improper access control vulnerability exists in Bitdefender Box 1 (firmware version 1.3.52.928 and below) that allows an unauthenticated attacker to downgrade the device's firmware to an older, potentially vulnerable version of a Bitdefender-signed firmware. The attack requires Bitdefender BOX to be booted in Recovery Mode and that the attacker be present within the WiFi range of the BOX unit.

NVD status

Status: Awaiting Analysis — CVE has been marked for Analysis. Normally once in this state the CVE will be analyzed by NVD staff within 24 hours.
Source: [email protected]
NVD: View on NVD

Affected products (CPE)

Product	CPE
bitdefender / box	`cpe:2.3:a:bitdefender:box:1.3.52.928:::::::*`

CVE-2024-13870

Essential information

Description

NVD status

Affected products (CPE)

References