CVE-2024-11982

Summary

Certain models of routers from Billion Electric has a Plaintext Storage of a Password vulnerability. Remote attackers with administrator privileges can access the user settings page to retrieve plaintext passwords.

Affected Software

VendorProductVersion RangeStatus
Billion ElectricM1001.04.1.592.* < 1.04.1.592.8affected
Billion ElectricM1001.04.1.613.* < 1.04.1.613.13affected
Billion ElectricM1001.04.1.* < 1.04.1.675affected
Billion ElectricM1501.04.1.592.* < 1.04.1.592.8affected
Billion ElectricM1501.04.1.613.* < 1.04.1.613.13affected
Billion ElectricM1501.04.1.* < 1.04.1.675affected
Billion ElectricM120N1.04.1.592.* < 1.04.1.592.8affected
Billion ElectricM120N1.04.1.613.* < 1.04.1.613.13affected
Billion ElectricM120N1.04.1.* < 1.04.1.675affected
Billion ElectricM5001.04.1.592.* < 1.04.1.592.8affected
Billion ElectricM5001.04.1.613.* < 1.04.1.613.13affected
Billion ElectricM5001.04.1.* < 1.04.1.675affected

Weaknesses

  • CWE-256: CWE-256 Plaintext Storage of a Password

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References