PT-2025-11031 · Bitdefender · Bitdefender Box

Bitdefender Labs · Published 2025-03-12 · Updated 2025-07-30 · CVE-2024-13870

CVSS v3.1: 5.7 (Medium)
Vector: AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions: Bitdefender Box 1 versions 1.3.52.928 and below
Description: An improper access control issue allows an unauthenticated attacker to downgrade the device's firmware to an older, potentially vulnerable Bitdefender-signed firmware version. The attack requires the device to be booted in Recovery Mode and the attacker to be within Wi-Fi range of the unit.
Recommendations: For Bitdefender Box 1 versions 1.3.52.928 and below, update the firmware to a version above 1.3.52.928 to prevent potential downgrades to vulnerable firmware versions. As a temporary workaround, consider restricting access to the Recovery Mode to minimize the risk of exploitation.
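The fix described above implies an update gate that refuses older images even when their vendor signature is valid. The following is an added illustration of that anti-rollback check, not Bitdefender's code: the signing key, image bytes and the treatment of 1.3.52.928 as the highest known-affected version are constructed assumptions for the example.

```python
"""Added example (not Bitdefender's code): a firmware-update gate that
rejects signed-but-older images, the downgrade class CVE-2024-13870
describes. Version strings use the advisory's dotted form (1.3.52.928).
The signing key and image bytes are constructed for illustration."""
import hashlib
import hmac

# Constructed demo key; a real device would hold the vendor's public key
# and verify an asymmetric signature instead of an HMAC.
DEMO_KEY = b"demo-signing-key-not-real"


def parse_version(v: str) -> tuple:
    """'1.3.52.928' -> (1, 3, 52, 928); rejects malformed input."""
    parts = v.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"malformed version: {v!r}")
    return tuple(int(p) for p in parts)


def sign(image: bytes, version: str, key: bytes = DEMO_KEY) -> bytes:
    """Sign version || image so the version is bound to the payload."""
    msg = version.encode() + b"\x00" + image
    return hmac.new(key, msg, hashlib.sha256).digest()


def verify(image: bytes, version: str, sig: bytes, key: bytes = DEMO_KEY) -> bool:
    return hmac.compare_digest(sign(image, version, key), sig)


def accept_update(current: str, candidate: str, image: bytes, sig: bytes,
                  floor: str = "1.3.52.928") -> tuple:
    """Return (accepted, reason).

    A valid signature alone is not sufficient: the gate also enforces a
    version floor (the last affected release, assumed here) and strict
    monotonicity against the running version, so an unauthenticated party
    cannot push an older signed image through any update path.
    """
    if not verify(image, candidate, sig):
        return False, "bad signature"
    cur, cand, low = parse_version(current), parse_version(candidate), parse_version(floor)
    if cand <= low:
        return False, "candidate at or below patched floor"
    if cand <= cur:
        return False, "rollback rejected"
    return True, "ok"
```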
