Billion Electric Routers Vulnerable to OS Command Injection
CVE-2024-11983

7.2HIGH

Key Information:

Vendor: Billion Electric
Status: M100; M150; M120n; M500
Vendor: CVE Published:; 29 November 2024

🔔 Create Billion Electric Vulnerability Alert

What is CVE-2024-11983?

Certain models of routers from Billion Electric exhibit a vulnerability that allows remote attackers to inject arbitrary system commands into an SSH function designed for administrative purposes. This OS Command Injection flaw can be exploited by authenticated users, posing a significant risk as it enables the execution of unauthorized commands on the affected devices. Proper mitigation strategies are critical to safeguard against potential exploitations, as this vulnerability could lead to significant disruptions and unauthorized access within network environments.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

M100 1.04.1.592.* < 1.04.1.592.8

M100 1.04.1.613.* < 1.04.1.613.13

M100 1.04.1.* < 1.04.1.675

References

https://www.twcert.org.tw/tw/cp-132-8279-bf67e-1.html

third-party-advisory

https://www.twcert.org.tw/en/cp-139-8280-ae6e1-2.html

third-party-advisory

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 29, 2024
Vulnerability Reserved
Nov 29, 2024

JSON