Denial of Service Vulnerability in Bitdefender BOX Firmware
CVE-2019-12611

4.4MEDIUM

Key Information:

Vendor: Bitdefender
Status: Box Firmware
Vendor: CVE Published:; 17 October 2019

🔔 Create Bitdefender Vulnerability Alert

What is CVE-2019-12611?

A vulnerability exists in the Bitdefender BOX firmware prior to version 2.1.37.37-34, which can impact the device's reliability. The issue is related to the miniupnpd implementation, where specially crafted network packets can lead to memory allocation that is never freed. This could result in crashes of the miniupnpd component or cause the device to reboot unexpectedly, compromising the device's operational stability.

References

https://www.bitdefender.com/support/security-advisories/b...

x_refsource_MISC

CVSS V3.1

Score:

4.4

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 17, 2019
Vulnerability Reserved
Jun 3, 2019