Improper Access Control in Bitdefender Box by Bitdefender
CVE-2024-13870

1.8 LOW

Key Information:

CVE Published: 12 March 2025

What is CVE-2024-13870?

An improper access control vulnerability in Bitdefender Box 1 allows unauthorized users to perform firmware downgrades. An attacker within WiFi range can exploit the device while it is booted in Recovery Mode and revert it to an older firmware version that might harbor known vulnerabilities. Such a downgrade can significantly compromise the security of the device and the network it protects.

Affected Version(s)

BOX v1: from 0 up to and including 1.3.52.928

CVSS V4

Score: 1.8
Severity: LOW
Confidentiality: Low
Integrity: Low
Availability: None
Attack Vector: Local
Attack Complexity: High
Attack Required: None
Privileges Required: Undefined
User Interaction: Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Bitdefender Labs