CVE-2024-11980

Summary

Certain modes of routers from Billion Electric have a Missing Authentication vulnerability, allowing unauthenticated remote attackers to directly access the specific functionality to obtain partial device information, modify the WiFi SSID, and restart the device.

Affected Software

VendorProductVersion RangeStatus
Billion ElectricM1001.04.1.592.* < 1.04.1.592.8affected
Billion ElectricM1001.04.1.613.* < 1.04.613.13affected
Billion ElectricM1001.04.1.* < 1.04.1.675affected
Billion ElectricM1501.04.1.592.* < 1.04.1.592.8affected
Billion ElectricM1501.04.1.613.* < 1.04.613.13affected
Billion ElectricM1501.04.1.* < 1.04.1.675affected
Billion ElectricM120N1.04.1.592.* < 1.04.1.592.8affected
Billion ElectricM120N1.04.1.613.* < 1.04.613.13affected
Billion ElectricM120N1.04.1.* < 1.04.1.675affected
Billion ElectricM5001.04.1.592.* < 1.04.1.592.8affected
Billion ElectricM5001.04.1.613.* < 1.04.613.13affected
Billion ElectricM5001.04.1.* < 1.04.1.675affected

Weaknesses

  • CWE-306: CWE-306 Missing Authentication for Critical Function

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References