CVE-2024-13870
MEDIUMDescription
An improper access control vulnerability exists in Bitdefender Box 1 (firmware version 1.3.52.928 and below) that allows an unauthenticated attacker to downgrade the device's firmware to an older, potentially vulnerable version of a Bitdefender-signed firmware. The attack requires Bitdefender BOX to be booted in Recovery Mode and that the attacker be present within the WiFi range of the BOX unit.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| bitdefender | box_firmware |
| bitdefender | box |
References
Frequently Asked Questions
What is CVE-2024-13870? +
How severe is CVE-2024-13870? +
What products are affected by CVE-2024-13870? +
How do I check if I'm vulnerable to CVE-2024-13870? +
Related Vulnerabilities
Autel MaxiCharger AC Wallbox Commercial Firmware Downgrade Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code …
Tesla Wall Connector Firmware Downgrade Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of …
A new feature to prevent Firmware downgrades was recently added to some Lexmark products. A method to override this downgrade …
Dell Client Platform BIOS contains a Security Version Number Mutable to Older Versions vulnerability. A high privileged attacker with local …
A verbose error handling issue in the proxy service implemented in the GravityZone Update Server allows an attacker to cause …
A vulnerability in the sendMailFromRemoteSource method in Emails.php as used in Bitdefender GravityZone Console unsafely uses php unserialize() on user-supplied …