CVE-2025-1143

Summary

Certain models of routers from Billion Electric has hard-coded embedded linux credentials, allowing attackers to log in through the SSH service using these credentials and obtain root privilege of the system.

Affected Software

VendorProductVersion RangeStatus
Billion ElectricM1001.04.1.159.* < 1.04.1.592.10affected
Billion ElectricM1001.04.1.613.* < 1.04.1.613.14affected
Billion ElectricM1001.04.1.* < 1.04.1.676affected
Billion ElectricM1501.04.1.592.* < 1.04.1.592.10affected
Billion ElectricM1501.04.1.613.* < 1.04.1.613.14affected
Billion ElectricM1501.04.1.* < 1.04.1.676affected
Billion ElectricM120N1.04.1.592.* < 1.04.1.592.10affected
Billion ElectricM120N1.04.1.613.* < 1.04.1.613.14affected
Billion ElectricM120N1.04.1.* < 1.04.1.676affected
Billion ElectricM5001.04.1.592.* < 1.04.1.592.10affected
Billion ElectricM5001.04.1.613.* < 1.04.1.613.14affected
Billion ElectricM5001.04.1.* < 1.04.1.676affected

Weaknesses

  • CWE-798: CWE-798 Use of Hard-coded Credentials

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References