Bitdefender Box 1
cpe:2.3:h:bitdefender:box:*:*:*:*:*:*:*
- <= 1.3.52.928
An improper access control vulnerability has been identified in Bitdefender Box 1, in firmware versions through 1.3.52.928. It enables an unauthenticated attacker to downgrade the device's firmware to an older, potentially vulnerable version that is still signed by Bitdefender. Exploitation requires the Bitdefender Box to be in Recovery Mode and the attacker to be within WiFi range of the device.
Exploitation of this vulnerability allows for an unauthorized firmware downgrade, potentially introducing known vulnerabilities from the downgraded firmware version.