Summary: Bitdefender has revealed three critical vulnerabilities in the discontinued Bitdefender BOX v1, which could lead to unauthorized command execution and potential remote code execution. Despite no longer being sold or supported, the device is still in use, exposing users to significant security risks. Users are advised to retire the device and transition to a modern security solution due to unresolved vulnerabilities.
Affected: Bitdefender BOX v1
Keypoints :
- CVE-2024-13870 allows attackers to downgrade firmware due to improper access controls.
- CVE-2024-13871 enables command injection, granting attackers complete control over the device.
- CVE-2024-13872 presents a risk of MITM attacks due to an insecure update mechanism.
- Bitdefender provided a partial fix, but emphasized the importance of migrating to newer security solutions.
Source: https://securityonline.info/bitdefender-box-v1-vulnerabilities-expose-smart-homes-to-remote-attacks/