Vulnerabilities > Bitdefender > BOX 2

DATE CVE VULNERABILITY TITLE RISK
2020-01-27 CVE-2019-17095 OS Command Injection vulnerability in Bitdefender BOX 2 Firmware 2.1.47.42/2.1.53.45
A command injection vulnerability has been discovered in the bootstrap stage of Bitdefender BOX 2, versions 2.1.47.42 and 2.1.53.45.
network
low complexity
bitdefender CWE-78
critical
 10.0
10
2020-01-27 CVE-2019-17096 OS Command Injection vulnerability in Bitdefender BOX 2 Firmware and Central
A OS Command Injection vulnerability in the bootstrap stage of Bitdefender BOX 2 allows the manipulation of the `get_image_url()` function in special circumstances to inject a system command.
network
bitdefender CWE-78
critical
 9.3
9.3
2020-01-27 CVE-2019-17102 Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Bitdefender BOX 2 Firmware
An exploitable command execution vulnerability exists in the recovery partition of Bitdefender BOX 2, version 2.0.1.91.
network
bitdefender CWE-367
critical
 9.3
9.3