High severity8.8NVD Advisory· Published Mar 12, 2025· Updated Jun 17, 2026
CVE-2024-13871
CVE-2024-13871
Description
A command injection vulnerability exists in the /check_image_and_trigger_recovery API endpoint of Bitdefender Box 1 (firmware version 1.3.11.490). This flaw allows an unauthenticated, network-adjacent attacker to execute arbitrary commands on the device, potentially leading to full remote code execution (RCE).
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: = 1.3.11.490
- Bitdefender/BOX v1v5Range: 1.3.11.490
Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.