Vulnerability in Bitdefender Box V1

CVE-2024-13872

Bitdefender Box, versions 1.3.11.490 through 1.3.11.505, uses the insecure HTTP protocol to download assets over the Internet to update and restart daemons and detection rules on the devices. Updates can be remotely triggered through the /…

EPSS: 0.014 (80.6th percentile)

Frequently asked questions

What is CVE-2024-13872?
CVE-2024-13872 is a vulnerability in Bitdefender Box V1, classified under Cleartext Transmission of Sensitive Information. Published 2025-03-12.
Is CVE-2024-13872 known to be exploited?
1 public proof-of-concept repository is indexed. Not currently listed in the CISA KEV catalog.