VYPR
High severity8.8NVD Advisory· Published Mar 12, 2025· Updated Jun 17, 2026

CVE-2024-13871

CVE-2024-13871

Description

A command injection vulnerability exists in the /check_image_and_trigger_recovery API endpoint of Bitdefender Box 1 (firmware version 1.3.11.490). This flaw allows an unauthenticated, network-adjacent attacker to execute arbitrary commands on the device, potentially leading to full remote code execution (RCE).

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Range: = 1.3.11.490
  • Bitdefender/BOX v1v5
    Range: 1.3.11.490

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.