What is CVE-2024-13870?

CVE-2024-13870 is a vulnerability in Bitdefender Box V1, classified under CWE-1328. Published 2025-03-12.

Is CVE-2024-13870 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Bitdefender Box V1

CVE-2024-13870

An improper access control vulnerability exists in Bitdefender Box 1 (firmware version 1.3.52.928 and below) that allows an unauthenticated attacker to downgrade the device's firmware to an older, potentially vulnerable version of a Bitdef…

EPSS: 0.001 (22.8th percentile) — read the EPSS interpretation.

Affected products

Bitdefender Box V1 — versions 0

Weakness classification (CWE)

CWE-1328

Public proof-of-concept exploits

fkie-cad/nvd-json-data-feeds

References

bitdefender.com/support/security-advisories/unauthenticated-firmware-downgrade-…

Frequently asked questions

What is CVE-2024-13870?: CVE-2024-13870 is a vulnerability in Bitdefender Box V1, classified under CWE-1328. Published 2025-03-12.
Is CVE-2024-13870 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.