Bitdefender BOX 2 Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) Vulnerability


Bitdefender BOX 2 suffers from an improper neutralization of special elements used in an OS command (‘OS Command Injection’) vulnerability.


The information has been provided by Claudio Bozzato.

The original article can be found at:


An OS command injection vulnerability in the bootstrap stage of Bitdefender BOX 2 allows the `get_image_url()` function to be manipulated, in special circumstances, to inject a system command.


Vulnerable Systems

Bitdefender BOX 2 


CVE Information:



Disclosure Timeline:
Published Date: 1/27/2020
