go to Content
:::

TWCERT/CC Taiwan Computer Emergency Response Team/Coordination Center

:::
Date:
Font-stze:

Billion Electric router - Missing Authentication

TVN ID TVN-202411025
CVE ID CVE-2024-11980
CVSS 8.6 (High)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
Affected Products M100, M150, M120N, and M500
Description Certain models of routers from Billion Electric has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to directly access the specific functionality to obtain partial device information, modify the WiFi SSID, and restart the device.
Solution For firmware version 1.04.1.592.x, please update to 1.04.1.592.8 or later.
For firmware version 1.04.1.613.x, please update to 1.04.1.613.13 or later.
For all other firmware version 1.04.1.x, please update to 1.04.1.675 or later.
Credit Chiao-Lin Yu (Steven Meow)
Public Date 2024-11-29
Top