CVE-2024-11982

HIGH

Billion Electric Router - Info Disclosure

Title source: llm

Description

Certain models of routers from Billion Electric has a Plaintext Storage of a Password vulnerability. Remote attackers with administrator privileges can access the user settings page to retrieve plaintext passwords.

References (2)

[Various Sources] https://www.twcert.org.tw/tw/cp-132-8277-88b20-1.html

[Various Sources] https://www.twcert.org.tw/en/cp-139-8278-cb581-2.html

Scores

CVSS v3 7.2

EPSS 0.0024

EPSS Percentile 46.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-256

Status published

Products (12)

Billion Electric/M100 1.04.1.* - 1.04.1.675

Billion Electric/M100 1.04.1.592.* - 1.04.1.592.8

Billion Electric/M100 1.04.1.613.* - 1.04.1.613.13

Billion Electric/M120N 1.04.1.* - 1.04.1.675

Billion Electric/M120N 1.04.1.592.* - 1.04.1.592.8

Billion Electric/M120N 1.04.1.613.* - 1.04.1.613.13

Billion Electric/M150 1.04.1.* - 1.04.1.675

Billion Electric/M150 1.04.1.592.* - 1.04.1.592.8

Billion Electric/M150 1.04.1.613.* - 1.04.1.613.13

Billion Electric/M500 1.04.1.* - 1.04.1.675

... and 2 more

Published Nov 29, 2024

Tracked Since Feb 18, 2026