Publication date: October 17th, 2019
An issue was discovered in the miniupnpd component as used in the Bitdefender BOX firmware versions before 220.127.116.11-34, that affects the general reliability of the product. Specially crafted packets sent to the miniupnpd implementation in Bitdefender BOX results in the device allocating memory without freeing it later. This behavior can cause the miniupnpd component to crash or to trigger a device reboot. In order to exploit this vulnerability, an attacker needs presence in Bitdefender BOX network.