VYPR

Box 1

by Bitdefender

CVEs (3)

  • CVE-2024-13871HigMar 12, 2025
    risk 0.57cvss 8.8epss 0.01

    A command injection vulnerability exists in the /check_image_and_trigger_recovery API endpoint of Bitdefender Box 1 (firmware version 1.3.11.490). This flaw allows an unauthenticated, network-adjacent attacker to execute arbitrary commands on the device, potentially leading to…

  • CVE-2019-12612HigOct 31, 2019
    risk 0.51cvss 7.8epss 0.00

    An issue was discovered in Bitdefender BOX firmware versions before 2.1.37.37-34 that allows an attacker to pass arbitrary code to the BOX appliance via the web API. In order to exploit this vulnerability, an attacker needs presence in Bitdefender BOX setup network and…

  • CVE-2019-12611MedOct 17, 2019
    risk 0.29cvss 4.4epss 0.00

    An issue was discovered in Bitdefender BOX firmware versions before 2.1.37.37-34 that affects the general reliability of the product. Specially crafted packets sent to the miniupnpd implementation in result in the device allocating memory without freeing it later. This behavior…