CVE-2024-13870

Published: Mar 12, 2025

Modified: Mar 12, 2025

PUBLISHED

Description

An improper access control vulnerability exists in Bitdefender Box 1 (firmware version 1.3.52.928 and below) that allows an unauthenticated attacker to downgrade the device's firmware to an older, potentially vulnerable version of a Bitdefender-signed firmware. The attack requires Bitdefender BOX to be booted in Recovery Mode and that the attacker be present within the WiFi range of the BOX unit.

Vendor	Product	Versions
Bitdefender	BOX v1	affected `0 - <= 1.3.52.928`

Weaknesses (CWE)

CWE-1328

References

https://bitdefender.com/support/security-advisories/unauthenticated-firmware-downgrade-in-bitdefender-box-v1

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2024-13870

Description

Affected Products

Weaknesses (CWE)

References