CVE-2024-13871

216.73.216.233

· Published 12/03/2025 12:15 · Modified 12/03/2025 12:15

Labels: CVE-2024-13871 2025-03-12 CVE-2024-13871 CWE-77 [email protected]

Essential information

Published: 12/03/2025 12:15
Modified: 12/03/2025 12:15
Author: —
Creator: —
CISA KEV: No
CWE: —
CVSS vector

Description

A command injection vulnerability exists in the /check_image_and_trigger_recovery API endpoint of Bitdefender Box 1 (firmware version 1.3.11.490). This flaw allows an unauthenticated, network-adjacent attacker to execute arbitrary commands on the device, potentially leading to full remote code execution (RCE).

NVD status

Status: Awaiting Analysis — CVE has been marked for Analysis. Normally once in this state the CVE will be analyzed by NVD staff within 24 hours.
Source: [email protected]
NVD: View on NVD

Affected products (CPE)

Product	CPE
bitdefender / box 1	`cpe:2.3:a:bitdefender:box_1:1.3.11.490:::::::*`

CVE-2024-13871

Essential information

Description

NVD status

Affected products (CPE)

References