cve-2024-11980
Vulnerability from cvelistv5
Published
2024-11-29 06:03
Modified
2024-11-29 14:40
Severity ?
EPSS score ?
Summary
Certain modes of routers from Billion Electric have a Missing Authentication vulnerability, allowing unauthenticated remote attackers to directly access the specific functionality to obtain partial device information, modify the WiFi SSID, and restart the device.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Billion Electric | M100 |
Version: 1.04.1.592.* < 1.04.1.592.8 Version: 1.04.1.613.* < 1.04.613.13 Version: 1.04.1.* < 1.04.1.675 |
||||||||||||||||
|
|||||||||||||||||||
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:billion_electric:m150:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "m150", vendor: "billion_electric", versions: [ { lessThan: "1.04.1.592.8", status: "affected", version: "1.04.1.592.*", versionType: "custom", }, { lessThan: "1.04.613.13", status: "affected", version: "1.04.1.613.*", versionType: "custom", }, { lessThan: "1.04.1.675", status: "affected", version: "1.04.1.* <", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:billion_electric:m150:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "m150", vendor: "billion_electric", versions: [ { lessThan: "1.04.1.592.8", status: "affected", version: "1.04.1.592.*", versionType: "custom", }, { lessThan: "1.04.613.13", status: "affected", version: "1.04.1.613.*", versionType: "custom", }, { lessThan: "1.04.1.675", status: "affected", version: "1.04.1.* <", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:billion_electric:m120n:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "m120n", vendor: "billion_electric", versions: [ { lessThan: "1.04.1.592.8", status: "affected", version: "1.04.1.592.*", versionType: "custom", }, { lessThan: "1.04.613.13", status: "affected", version: "1.04.1.613.*", versionType: "custom", }, { lessThan: "1.04.1.675", status: "affected", version: "1.04.1.* <", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:billion_electric:m500:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "m500", vendor: "billion_electric", versions: [ { lessThan: "1.04.1.592.8", status: "affected", version: "1.04.1.592.*", versionType: "custom", }, { lessThan: "1.04.613.13", status: "affected", version: "1.04.1.613.*", versionType: "custom", }, { lessThan: "1.04.1.675", status: "affected", version: "1.04.1.* <", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-11980", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-11-29T14:32:57.290762Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-29T14:40:54.541Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "M100", vendor: "Billion Electric", versions: [ { lessThan: "1.04.1.592.8", status: "affected", version: "1.04.1.592.*", versionType: "custom", }, { lessThan: "1.04.613.13", status: "affected", version: "1.04.1.613.*", versionType: "custom", }, { lessThan: "1.04.1.675", status: "affected", version: "1.04.1.*", versionType: "custom", }, ], }, { defaultStatus: "unaffected", product: "M150", vendor: "Billion Electric", versions: [ { lessThan: "1.04.1.592.8", status: "affected", version: "1.04.1.592.*", versionType: "custom", }, { lessThan: "1.04.613.13", status: "affected", version: "1.04.1.613.*", versionType: "custom", }, { lessThan: "1.04.1.675", status: "affected", version: "1.04.1.*", versionType: "custom", }, ], }, { defaultStatus: "unaffected", product: "M120N", vendor: "Billion Electric", versions: [ { lessThan: "1.04.1.592.8", status: "affected", version: "1.04.1.592.*", versionType: "custom", }, { lessThan: "1.04.613.13", status: "affected", version: "1.04.1.613.*", versionType: "custom", }, { lessThan: "1.04.1.675", status: "affected", version: "1.04.1.*", versionType: "custom", }, ], }, { defaultStatus: "unaffected", product: "M500", vendor: "Billion Electric", versions: [ { lessThan: "1.04.1.592.8", status: "affected", version: "1.04.1.592.*", versionType: "custom", }, { lessThan: "1.04.613.13", status: "affected", version: "1.04.1.613.*", versionType: "custom", }, { lessThan: "1.04.1.675", status: "affected", version: "1.04.1.*", versionType: "custom", }, ], }, ], datePublic: "2024-11-29T05:51:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Certain modes of routers from Billion Electric have a Missing Authentication vulnerability, allowing unauthenticated remote attackers to directly access the specific functionality to obtain partial device information, modify the WiFi SSID, and restart the device.<br>", }, ], value: "Certain modes of routers from Billion Electric have a Missing Authentication vulnerability, allowing unauthenticated remote attackers to directly access the specific functionality to obtain partial device information, modify the WiFi SSID, and restart the device.", }, ], impacts: [ { capecId: "CAPEC-37", descriptions: [ { lang: "en", value: "CAPEC-37 Retrieve Embedded Sensitive Data", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.6, baseSeverity: "HIGH", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-306", description: "CWE-306 Missing Authentication for Critical Function", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-11-29T08:39:12.739Z", orgId: "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e", shortName: "twcert", }, references: [ { tags: [ "third-party-advisory", ], url: "https://www.twcert.org.tw/tw/cp-132-8273-95a07-1.html", }, { tags: [ "third-party-advisory", ], url: "https://www.twcert.org.tw/en/cp-139-8274-01e55-2.html", }, ], solutions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "For firmware version 1.04.1.592.x, please update to 1.04.1.592.8 or later.<br>For firmware version 1.04.1.613.x, please update to 1.04.1.613.13 or later.<br>For all other firmware version 1.04.1.x, please update to 1.04.1.675 or later.<br>", }, ], value: "For firmware version 1.04.1.592.x, please update to 1.04.1.592.8 or later.\nFor firmware version 1.04.1.613.x, please update to 1.04.1.613.13 or later.\nFor all other firmware version 1.04.1.x, please update to 1.04.1.675 or later.", }, ], source: { advisory: "TVN-202411025", discovery: "EXTERNAL", }, title: "Billion Electric router - Missing Authentication", x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e", assignerShortName: "twcert", cveId: "CVE-2024-11980", datePublished: "2024-11-29T06:03:04.983Z", dateReserved: "2024-11-29T01:52:18.057Z", dateUpdated: "2024-11-29T14:40:54.541Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", "vulnerability-lookup:meta": { fkie_nvd: { descriptions: "[{\"lang\": \"en\", \"value\": \"Certain modes of routers from Billion Electric have a Missing Authentication vulnerability, allowing unauthenticated remote attackers to directly access the specific functionality to obtain partial device information, modify the WiFi SSID, and restart the device.\"}, {\"lang\": \"es\", \"value\": \"Ciertos modos de enrutadores de Billion Electric tienen una vulnerabilidad de autenticaci\\u00f3n faltante, lo que permite a atacantes remotos no autenticados acceder directamente a la funcionalidad espec\\u00edfica para obtener informaci\\u00f3n parcial del dispositivo, modificar el SSID de WiFi y reiniciar el dispositivo.\"}]", id: "CVE-2024-11980", lastModified: "2024-11-29T09:15:04.197", metrics: "{\"cvssMetricV31\": [{\"source\": \"twcert@cert.org.tw\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H\", \"baseScore\": 8.6, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 4.7}]}", published: "2024-11-29T06:15:06.747", references: "[{\"url\": \"https://www.twcert.org.tw/en/cp-139-8274-01e55-2.html\", \"source\": \"twcert@cert.org.tw\"}, {\"url\": \"https://www.twcert.org.tw/tw/cp-132-8273-95a07-1.html\", \"source\": \"twcert@cert.org.tw\"}]", sourceIdentifier: "twcert@cert.org.tw", vulnStatus: "Awaiting Analysis", weaknesses: "[{\"source\": \"twcert@cert.org.tw\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-306\"}]}]", }, nvd: "{\"cve\":{\"id\":\"CVE-2024-11980\",\"sourceIdentifier\":\"twcert@cert.org.tw\",\"published\":\"2024-11-29T06:15:06.747\",\"lastModified\":\"2024-11-29T09:15:04.197\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Certain modes of routers from Billion Electric have a Missing Authentication vulnerability, allowing unauthenticated remote attackers to directly access the specific functionality to obtain partial device information, modify the WiFi SSID, and restart the device.\"},{\"lang\":\"es\",\"value\":\"Ciertos modos de enrutadores de Billion Electric tienen una vulnerabilidad de autenticación faltante, lo que permite a atacantes remotos no autenticados acceder directamente a la funcionalidad específica para obtener información parcial del dispositivo, modificar el SSID de WiFi y reiniciar el dispositivo.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"twcert@cert.org.tw\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H\",\"baseScore\":8.6,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":4.7}]},\"weaknesses\":[{\"source\":\"twcert@cert.org.tw\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-306\"}]}],\"references\":[{\"url\":\"https://www.twcert.org.tw/en/cp-139-8274-01e55-2.html\",\"source\":\"twcert@cert.org.tw\"},{\"url\":\"https://www.twcert.org.tw/tw/cp-132-8273-95a07-1.html\",\"source\":\"twcert@cert.org.tw\"}]}}", vulnrichment: { containers: "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-11980\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-11-29T14:32:57.290762Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:billion_electric:m150:*:*:*:*:*:*:*:*\"], \"vendor\": \"billion_electric\", \"product\": \"m150\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.04.1.592.*\", \"lessThan\": \"1.04.1.592.8\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"1.04.1.613.*\", \"lessThan\": \"1.04.613.13\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"1.04.1.* <\", \"lessThan\": \"1.04.1.675\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:billion_electric:m150:*:*:*:*:*:*:*:*\"], \"vendor\": \"billion_electric\", \"product\": \"m150\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.04.1.592.*\", \"lessThan\": \"1.04.1.592.8\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"1.04.1.613.*\", \"lessThan\": \"1.04.613.13\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"1.04.1.* <\", \"lessThan\": \"1.04.1.675\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:billion_electric:m120n:*:*:*:*:*:*:*:*\"], \"vendor\": \"billion_electric\", \"product\": \"m120n\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.04.1.592.*\", \"lessThan\": \"1.04.1.592.8\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"1.04.1.613.*\", \"lessThan\": \"1.04.613.13\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"1.04.1.* <\", \"lessThan\": \"1.04.1.675\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:billion_electric:m500:*:*:*:*:*:*:*:*\"], \"vendor\": \"billion_electric\", \"product\": \"m500\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.04.1.592.*\", \"lessThan\": \"1.04.1.592.8\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"1.04.1.613.*\", \"lessThan\": \"1.04.613.13\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"1.04.1.* <\", \"lessThan\": \"1.04.1.675\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-11-29T14:40:45.800Z\"}}], \"cna\": {\"title\": \"Billion Electric router - Missing Authentication\", \"source\": {\"advisory\": \"TVN-202411025\", \"discovery\": \"EXTERNAL\"}, \"impacts\": [{\"capecId\": \"CAPEC-37\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-37 Retrieve Embedded Sensitive Data\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 8.6, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"LOW\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Billion Electric\", \"product\": \"M100\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.04.1.592.*\", \"lessThan\": \"1.04.1.592.8\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"1.04.1.613.*\", \"lessThan\": \"1.04.613.13\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"1.04.1.*\", \"lessThan\": \"1.04.1.675\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Billion Electric\", \"product\": \"M150\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.04.1.592.*\", \"lessThan\": \"1.04.1.592.8\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"1.04.1.613.*\", \"lessThan\": \"1.04.613.13\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"1.04.1.*\", \"lessThan\": \"1.04.1.675\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Billion Electric\", \"product\": \"M120N\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.04.1.592.*\", \"lessThan\": \"1.04.1.592.8\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"1.04.1.613.*\", \"lessThan\": \"1.04.613.13\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"1.04.1.*\", \"lessThan\": \"1.04.1.675\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Billion Electric\", \"product\": \"M500\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.04.1.592.*\", \"lessThan\": \"1.04.1.592.8\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"1.04.1.613.*\", \"lessThan\": \"1.04.613.13\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"1.04.1.*\", \"lessThan\": \"1.04.1.675\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}], \"solutions\": [{\"lang\": \"en\", \"value\": \"For firmware version 1.04.1.592.x, please update to 1.04.1.592.8 or later.\\nFor firmware version 1.04.1.613.x, please update to 1.04.1.613.13 or later.\\nFor all other firmware version 1.04.1.x, please update to 1.04.1.675 or later.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"For firmware version 1.04.1.592.x, please update to 1.04.1.592.8 or later.<br>For firmware version 1.04.1.613.x, please update to 1.04.1.613.13 or later.<br>For all other firmware version 1.04.1.x, please update to 1.04.1.675 or later.<br>\", \"base64\": false}]}], \"datePublic\": \"2024-11-29T05:51:00.000Z\", \"references\": [{\"url\": \"https://www.twcert.org.tw/tw/cp-132-8273-95a07-1.html\", \"tags\": [\"third-party-advisory\"]}, {\"url\": \"https://www.twcert.org.tw/en/cp-139-8274-01e55-2.html\", \"tags\": [\"third-party-advisory\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Certain modes of routers from Billion Electric have a Missing Authentication vulnerability, allowing unauthenticated remote attackers to directly access the specific functionality to obtain partial device information, modify the WiFi SSID, and restart the device.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Certain modes of routers from Billion Electric have a Missing Authentication vulnerability, allowing unauthenticated remote attackers to directly access the specific functionality to obtain partial device information, modify the WiFi SSID, and restart the device.<br>\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-306\", \"description\": \"CWE-306 Missing Authentication for Critical Function\"}]}], \"providerMetadata\": {\"orgId\": \"cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e\", \"shortName\": \"twcert\", \"dateUpdated\": \"2024-11-29T08:39:12.739Z\"}}}", cveMetadata: "{\"cveId\": \"CVE-2024-11980\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-11-29T14:40:54.541Z\", \"dateReserved\": \"2024-11-29T01:52:18.057Z\", \"assignerOrgId\": \"cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e\", \"datePublished\": \"2024-11-29T06:03:04.983Z\", \"assignerShortName\": \"twcert\"}", dataType: "CVE_RECORD", dataVersion: "5.1", }, }, }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
Title of the comment
Description of the comment
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.