Billion Electric 4G/LTE routers patched to plug catastrophic CVSS level 10 severity flaw

Posted December 2 by Pelican Press

Several 4G/LTE routers sold by Billion Electric have been found to suffer from a CVSS level 10 severity flaw, which is rarely seen in the wild. The routers are reported to have a very high potential for exploitation. However, Billion has now prepared a range of firmware updates to address these gaping security holes in its networking hardware. Please get an update immediately if you think you may be affected.

Router models, including the M100, M150, M120N, and M500, are vulnerable to the headline CVE-2024-11980. This is a 'Missing Authentication' vulnerability that allows "unauthenticated remote attackers to directly access the specific functionality to obtain partial device information, modify the WiFi SSID, and restart the device."

That's the full official description of CVE-2024-11980, but the 'Missing Authentication' label indicates how vulnerable routers with this flaw will have been to threat actors. The attack complexity is low, and the privileges required are none, meaning access was pretty much wide open. If/when an attacker exploits this flaw, they could obtain sensitive information from the hardware, modify the router SSID, and restart the device. That provides plenty of scope for digital chaos.

CVE-2024-11980 was the biggest but not the only bad flaw affecting these Billion-branded routers. We also note that these networking devices suffered from the following:

CVE-2024-11981 (CVSSv3 7.5): Authentication Bypass, providing attacker access to arbitrary web pages.
CVE-2024-11982 (CVSSv3 7.2): Plaintext Storage of a Password (admin access required to retrieve the test files).
CVE-2024-11983 (CVSSv3 7.2): OS Command Injection, allowing remote attackers (with admin privileges) to inject and execute code.

We are happy to see Billion issue the new firmware for the affected range of 4G/LTE router solutions. This is far more user- and e-waste-friendly than offering customers a discount on purchasing a new device, a technique that recently earned D-Link NAS equipment some unfavorable headlines. However, we note that some of the Billion routers affected are current models, which are still at retailers.

Credit goes to Chiao-Lin Yu (Steven Meow) for finding these Billion 4G/LTE router flaws, which users should patch ASAP with fresh firmware.