CVE-2024-11981

Summary

Certain models of routers from Billion Electric has an Authentication Bypass vulnerability, allowing unautheticated attackers to retrive contents of arbitrary web pages.

Affected Software

VendorProductVersion RangeStatus
Billion ElectricM1001.04.1.592.* < 1.04.1.592.8affected
Billion ElectricM1001.04.1.613.* < 1.04.1.613.13affected
Billion ElectricM1001.04.1.* < 1.04.1.675affected
Billion ElectricM1501.04.1.592.* < 1.04.1.592.8affected
Billion ElectricM1501.04.1.613.* < 1.04.1.613.13affected
Billion ElectricM1501.04.1.* < 1.04.1.675affected
Billion ElectricM120N1.04.1.592.* < 1.04.1.592.8affected
Billion ElectricM120N1.04.1.613.* < 1.04.1.613.13affected
Billion ElectricM120N1.04.1.* < 1.04.1.675affected
Billion ElectricM5001.04.1.592.* < 1.04.1.592.8affected
Billion ElectricM5001.04.1.613.* < 1.04.1.613.13affected
Billion ElectricM5001.04.1.* < 1.04.1.675affected

Weaknesses

  • CWE-288: CWE-288 Authentication Bypass Using an Alternate Path or Channel

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References