CVE-2024-13871

Published: Mar 12, 2025

Modified: Mar 12, 2025

PUBLISHED

Description

A command injection vulnerability exists in the /check_image_and_trigger_recovery API endpoint of Bitdefender Box 1 (firmware version 1.3.11.490). This flaw allows an unauthenticated, network-adjacent attacker to execute arbitrary commands on the device, potentially leading to full remote code execution (RCE).

Vendor	Product	Versions
Bitdefender	BOX v1	affected `1.3.11.490 - < 1.3.11.505`

Weaknesses (CWE)

CWE-77

References

https://bitdefender.com/support/security-advisories/unauthenticated-command-injection-in-bitdefender-box-v1

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2024-13871

Description

Affected Products

Weaknesses (CWE)

References