Billion Electric 4G/LTE routers patched to plug catastrophic CVSS level 10 severity flaw



Several 4G/LTE routers sold by Billion Electric have been found to suffer from a CVSS level 10 severity flaw, which is rarely seen in the wild.

The routers are reported to have a very high potential for exploitation. However, Billion has now prepared a range of firmware updates to address these gaping security holes in its networking hardware. Please get an update immediately if you think you may be affected.

Router models, including the M100, M150, M120N, and M500, are vulnerable to the headline CVE-2024-11980. This is a ‘Missing Authentication’ vulnerability that allows “unauthenticated remote attackers to directly access the specific functionality to obtain partial device information, modify the WiFi SSID, and restart the device,” according to the official CVE description.


That’s the full official description of CVE-2024-11980, but the ‘Missing Authentication’ classification indicates how exposed routers with this flaw have been to threat actors. The attack complexity is low, and the privileges required are none, meaning access was pretty much wide open.

If/when an attacker exploits this flaw, they could obtain sensitive information from the hardware, modify the router SSID, and restart the device. That provides plenty of scope for digital chaos.

CVE-2024-11980 was the biggest but not the only bad flaw affecting these Billion-branded routers. We also note that these networking devices suffered from the following:

  • CVE-2024-11981 (CVSSv3 7.5): Authentication Bypass, providing attacker access to arbitrary web pages.
  • CVE-2024-11982 (CVSSv3 7.2): Plaintext Storage of a Password (admin access required to retrieve the test files).
  • CVE-2024-11983 (CVSSv3 7.2): OS Command Injection, allowing remote attackers (with admin privileges) to inject and execute code.

We are happy to see Billion issue the new firmware for the affected range of 4G/LTE router solutions. This is far more user- and eWaste-friendly than offering customers a discount on purchasing a new device, a technique that recently earned D-Link NAS equipment some unfavorable headlines. However, we note that some of the Billion routers affected are current models, which are still at retailers.

Credit goes to Chiao-Lin Yu (Steven Meow) for finding these Billion 4G/LTE router flaws, which users should patch ASAP with fresh firmware.
