CVE-2019-12611
MEDIUMBitdefender BOX Firmware < 2.1.37.37-34 - Denial of Service via miniupnpd Memory Allocation
Title source: llmDescription
An issue was discovered in Bitdefender BOX firmware versions before 2.1.37.37-34 that affects the general reliability of the product. Specially crafted packets sent to the miniupnpd implementation in result in the device allocating memory without freeing it later. This behavior can cause the miniupnpd component to crash or to trigger a device reboot.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_misc
https://www.bitdefender.com/support/security-advisories/bitdefender-box-denial-service-va-3184/
Scores
CVSS v3
4.4
EPSS
0.0032
EPSS Percentile
23.9%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-770
Status
published
Products (1)
bitdefender/box_firmware
< 2.1.37.37-34
Published
Oct 17, 2019
Tracked Since
Feb 18, 2026