← voltar
CVE-2024-13870

Unauthenticated Firmware Downgrade in Bitdefender Box v1

CVSS 1.8 LOWEPSS 0.2%CWE-1328
An improper access control vulnerability exists in Bitdefender Box 1 (firmware version 1.3.52.928 and below) that allows an unauthenticated attacker to downgrade the device's firmware to an older, potentially vulnerable version of a Bitdefender-signed firmware. The attack requires Bitdefender BOX to be booted in Recovery Mode and that the attacker be present within the WiFi range of the BOX unit.
CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/AU:N
Produtos afetados
Bitdefender · BOX v1

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://bitdefender.com/support/security-advisories/unauthenticated-firmware-downgrade-in-bitdefender-box-v1