CyberSec.Space Logo
Back to CVE Browser

CVE-2019-17096

CRITICAL
9.0
CVSS Severity Score
EPSS Score0.0570%
EPSS Percentile1.77th
PublishedJan 27, 2020
Last ModifiedNov 21, 2024

Vulnerability Description

A OS Command Injection vulnerability in the bootstrap stage of Bitdefender BOX 2 allows the manipulation of the `get_image_url()` function in special circumstances to inject a system command.

Affected Platforms (CPE)

💻
Bitdefender

Box 2 Firmware

All versions
📦
Bitdefender

Central

< 2.0.66
📦
Bitdefender

Central

< 2.0.66.88

References & Advisories

🔗 https://www.bitdefender.com/support/security-advisories/bitdefender-box-2-bootstrap-get_image_size-command-injection-vulnerability/
🔗 https://www.bitdefender.com/support/security-advisories/bitdefender-box-2-bootstrap-get_image_size-command-injection-vulnerability/

Related Vulnerabilities

CVE-2008-708110.0

userHandler.cgi in RaidSonic ICY BOX NAS firmware 2.3.2.IB.2.RS.1 allows remote attackers to bypass authentication and gain admini...

CVE-2020-242159.8

An issue was discovered in the box application on HiSilicon based IPTV/H.264/H.265 video encoders. Attackers can use hard-coded cr...

CVE-2019-60059.8

Smart TV Box firmware version prior to 1300 allows remote attackers to bypass access restriction to conduct arbitrary operations o...

CVE-2020-242179.8

An issue was discovered in the box application on HiSilicon based IPTV/H.264/H.265 video encoders. The file-upload endpoint does n...