Bitdefender Box 2 vulnerabilities
3 known vulnerabilities affecting bitdefender/bitdefender_box_2.
Total CVEs: 3
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 2, HIGH 1
Vulnerabilities
CVE-2019-17095 | P2 | CRITICAL | CVSS 9.8 | CWE-78 | ≥ 2.1.47.42, < 2.1.59-12; ≥ 2.1.53.45, < 2.1.59-12 | 2020-01-27
A command injection vulnerability has been discovered in the bootstrap stage of Bitdefender BOX 2, versions 2.1.47.42 and 2.1.53.45. The API method `/api/download_image` unsafely handles the production firmware URL supplied by remote servers, leading to arbitrary execution of system commands. In order to exploit the condition, an unauthenticated at
nvd
CVE-2019-17096 | P2 | CRITICAL | CVSS 9.8 | CWE-78 | ≥ 2.1.47.42, < 2.1.59-12; ≥ 2.1.53.45, < 2.1.59-12 | 2020-01-27
An OS Command Injection vulnerability in the bootstrap stage of Bitdefender BOX 2 allows the manipulation of the `get_image_url()` function in special circumstances to inject a system command.
nvd
CVE-2019-17102 | P3 | HIGH | CVSS 8.1 | CWE-413 | ≥ unspecified, < 2.1.47.36 | 2020-01-27
An exploitable command execution vulnerability exists in the recovery partition of Bitdefender BOX 2, version 2.0.1.91. The API method `/api/update_setup` does not perform firmware signature checks atomically, leading to an exploitable race condition (TOCTTOU) that allows arbitrary execution of system commands. This issue affects: Bitdefender Bitdefen
nvd