CVE-2024-11983

Summary

Certain models of routers from Billion Electric has an OS Command Injection vulnerability, allowing remote attackers with administrator privileges to inject arbitrary system commands into a specific SSH function and execute them on the device.

Affected Software

VendorProductVersion RangeStatus
Billion ElectricM1001.04.1.592.* < 1.04.1.592.8affected
Billion ElectricM1001.04.1.613.* < 1.04.1.613.13affected
Billion ElectricM1001.04.1.* < 1.04.1.675affected
Billion ElectricM1501.04.1.592.* < 1.04.1.592.8affected
Billion ElectricM1501.04.1.613.* < 1.04.1.613.13affected
Billion ElectricM1501.04.1.* < 1.04.1.675affected
Billion ElectricM120N1.04.1.592.* < 1.04.1.592.8affected
Billion ElectricM120N1.04.1.613.* < 1.04.1.613.13affected
Billion ElectricM120N1.04.1.* < 1.04.1.675affected
Billion ElectricM5001.04.1.592.* < 1.04.1.592.8affected
Billion ElectricM5001.04.1.613.* < 1.04.1.613.13affected
Billion ElectricM5001.04.1.* < 1.04.1.675affected

Weaknesses

  • CWE-78: CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References