exploitDog

CVE-2024-13870

Published: 12 Mar 2025
Source: nvd
CVSS3: 5.7
EPSS: Low

Description

An improper access control vulnerability exists in Bitdefender Box 1 (firmware version 1.3.52.928 and below) that allows an unauthenticated attacker to downgrade the device's firmware to an older, potentially vulnerable version of a Bitdefender-signed firmware. The attack requires Bitdefender BOX to be booted in Recovery Mode and that the attacker be present within the WiFi range of the BOX unit.

Vulnerable configurations

Configuration 1

All of the following

cpe:2.3:o:bitdefender:box_firmware:*:*:*:*:*:*:*:*
Versions up to 1.3.52.928 (inclusive)
cpe:2.3:h:bitdefender:box:-:*:*:*:*:*:*:*

EPSS

Percentile: 11%
0.00038
Low

5.7 Medium

CVSS3

Weaknesses

CWE-1328

Related vulnerabilities

CVSS3: 5.7
github
11 months ago

An improper access control vulnerability exists in Bitdefender Box 1 (firmware version 1.3.52.928 and below) that allows an unauthenticated attacker to downgrade the device's firmware to an older, potentially vulnerable version of a Bitdefender-signed firmware. The attack requires Bitdefender BOX to be booted in Recovery Mode and that the attacker be present within the WiFi range of the BOX unit.
