A OS Command Injection vulnerability in the bootstrap stage of Bitdefender BOX 2 allows the manipulation of the `get_image_url()` function in special circumstances to inject a system command.
CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:HBitdefender Box 2
HWBitdefenderwszystkie wersjeBitdefender Box 2 Firmware
OSBitdefenderwszystkie wersjeBitdefender Central
APPBitdefender< 2.0.66< 2.0.66.88
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Command Injection
Related vulnerabilities
CVE-2019-17095HIGH8.1ten sam produkt
A command injection vulnerability has been discovered in the bootstrap stage of Bitdefender BOX 2, versions 2....
CVE-2019-17102HIGH8.3ten sam produkt
An exploitable command execution vulnerability exists in the recovery partition of Bitdefender BOX 2, version ...
CVE-2025-1987CRITICAL9.3PL ✓ten sam vendor
Stored XSS w Psono Client / Bitdefender SecurePass via złośliwe URL w magazynie haseł
CVE-2025-2244CRITICAL9.5PL ✓ten sam vendor
Niebezpieczna deserializacja PHP w Bitdefender GravityZone Console (RCE)
CVE-2024-13872CRITICAL9.4PL ✓ten sam vendor
Niezabezpieczony mechanizm aktualizacji w Bitdefender Box — RCE przez MITM