CVE-2024-13870

MEDIUM
Published Mar 12, 2025 Modified Jul 30, 2025 CWE-1328

Description

An improper access control vulnerability exists in Bitdefender Box 1 (firmware version 1.3.52.928 and below) that allows an unauthenticated attacker to downgrade the device's firmware to an older, potentially vulnerable version of a Bitdefender-signed firmware. The attack requires Bitdefender BOX to be booted in Recovery Mode and that the attacker be present within the WiFi range of the BOX unit.

CVSS v3.1 Score

5.7
MEDIUM
CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Weakness Type (CWE)

CWE-1328 CWE-1328

Affected Products

Vendor Product
bitdefender box_firmware
bitdefender box

References

Frequently Asked Questions

What is CVE-2024-13870? +
An improper access control vulnerability exists in Bitdefender Box 1 (firmware version 1.3.52.928 and below) that allows an unauthenticated attacker to downgrade the device's firmware to an older, potentially vulnerable version of a Bitdefender-signed firmware. The attack requires Bitdefender BOX to be booted in Recovery Mode and that the attacker be present within the WiFi range of the BOX unit. It has a CVSS v3.1 base score of 5.7 (MEDIUM).
How severe is CVE-2024-13870? +
CVE-2024-13870 has a CVSS v3.1 score of 5.7 out of 10, rated MEDIUM. This is a medium-severity vulnerability that should be remediated as part of regular maintenance.
What products are affected by CVE-2024-13870? +
CVE-2024-13870 affects products from bitdefender, specifically: box, box_firmware. Check the affected products table above for specific version ranges.
How do I check if I'm vulnerable to CVE-2024-13870? +
You can use Secably's free Website Scanner to check your website for known vulnerabilities. For infrastructure scanning, use the Port Scanner to identify exposed services that may be affected. Check the vendor advisories linked above for specific patch and version information.

Related Vulnerabilities

Don't wait for an exploit

Scan your website for vulnerabilities like CVE-2024-13870 — free, no signup required.

Start Free Scan