An improper access control vulnerability exists in Bitdefender Box 1 (firmware version 1.3.52.928 and below) that allows an unauthenticated attacker to downgrade the device's firmware to an older, potentially vulnerable version of a Bitdefender-signed firmware. The attack requires Bitdefender BOX to be booted in Recovery Mode and that the attacker be present within the WiFi range of the BOX unit.
2025-03-12T12:15:12.443
2025-07-30T00:52:04.430
Analyzed
CVSSv3.1: 5.7 (MEDIUM)
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Operating System | bitdefender | box_firmware | ≤ 1.3.52.928 | Yes |
| Hardware | bitdefender | box | - | No |