Mario Bartolomé

**Name of the Vulnerable Software and Affected Versions** Billion Smart Energy Router SG600R2 version v3.02.rc6 **Description** The issue concerns an exposed Telnet Service that allows a local network attacker to authenticate into a shell using hardcoded credentials, resulting in root execution privileges over the device. **Recommendations** For version v3.02.rc6, consider disabling the Telnet Service as a temporary workaround until a patch is available. Restrict access to the device to minimize the risk of exploitation. Avoid using hardcoded credentials in the affected device.

**Name of the Vulnerable Software and Affected Versions** Billion Smart Energy Router SG600R2 Firmware version 3.02.rc6 **Description** The issue allows an authenticated attacker to gain root execution privileges over the device. This is achieved through a hidden shell feature in etc ro/web/adm/system command.asp. **Recommendations** For Billion Smart Energy Router SG600R2 Firmware version 3.02.rc6, consider restricting access to the system command.asp feature until a patch is available. As a temporary workaround, limit the use of the affected firmware to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.