Bitdefender · Bitdefender Box · CVE-2024-13872
Name of the Vulnerable Software and Affected Versions:
Bitdefender Box versions 1.3.11.490 through 1.3.11.505
Description:
The device downloads assets over plain HTTP from the Internet to update and restart its daemons and detection rules. Such an update can be triggered remotely through the `/set temp token` API endpoint. An unauthenticated, network-adjacent attacker can therefore use man-in-the-middle (MITM) techniques to return malicious responses to those downloads. As a result, daemons that are restarted with malicious assets can be exploited for remote code execution on the device.
Recommendations:
For Bitdefender Box versions 1.3.11.490 through 1.3.11.505, consider disabling the `/set temp token` API method until a secure update mechanism is implemented to prevent remote code execution risks. Restrict access to the device to minimize the risk of exploitation. Avoid using the insecure HTTP protocol for updates until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
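As an added illustration (not Bitdefender's code and not taken from the device), the two checks an update handler needs before it restarts a daemon with a fetched asset: refuse plaintext HTTP sources, and verify the asset against a digest pinned on the device. The asset name, URL, payload and manifest below are constructed.

```python
import hashlib
import hmac
from urllib.parse import urlsplit

# Constructed sample asset and pinned manifest (hypothetical; not from the real device).
# In a real design the manifest is signed with a key baked into firmware and
# verified before use; this example assumes the manifest is already trusted.
GOOD_ASSET = b"rule: block-known-bad-domain\n"
PINNED_MANIFEST = {
    "detection-rules.tar.gz": hashlib.sha256(GOOD_ASSET).hexdigest(),
}


def validate_update(asset_name: str, source_url: str, payload: bytes,
                    manifest: dict = PINNED_MANIFEST) -> tuple[bool, str]:
    """Return (accepted, reason). Only an accepted asset may restart a daemon."""
    # Transport check: a plain-HTTP fetch is what lets an on-path attacker
    # substitute the response, so require TLS (with normal certificate validation).
    if urlsplit(source_url).scheme.lower() != "https":
        return False, f"refusing non-TLS update source: {source_url}"
    # Integrity check: the asset must match the digest pinned on the device, so
    # a spoofed or compromised server cannot deliver a different file.
    expected = manifest.get(asset_name)
    if expected is None:
        return False, f"asset not in pinned manifest: {asset_name}"
    actual = hashlib.sha256(payload).hexdigest()
    if not hmac.compare_digest(actual, expected):
        return False, f"digest mismatch for {asset_name}"
    return True, "ok"


if __name__ == "__main__":
    url = "https://updates.example.invalid/detection-rules.tar.gz"  # constructed
    tampered = GOOD_ASSET + b"extra-line\n"                          # constructed
    cases = [
        ("good asset over https", ("detection-rules.tar.gz", url, GOOD_ASSET)),
        ("same asset over http", ("detection-rules.tar.gz", url.replace("https", "http", 1), GOOD_ASSET)),
        ("tampered asset over https", ("detection-rules.tar.gz", url, tampered)),
    ]
    for label, args in cases:
        print(label, "->", validate_update(*args))
```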