PT-2024-8936 · Billion · Billion M150 +4
Chiao-Lin Yu +1 · Published 2024-11-29 · Updated 2024-12-04 · CVE-2024-11980
CVSS v3.1: 8.6 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
Name of the Vulnerable Software and Affected Versions:
Billion Electric routers (affected versions not specified)
Billion M100 (affected versions not specified)
Billion M150 (affected versions not specified)
Billion M120N (affected versions not specified)
Billion M500 (affected versions not specified)
Description:
The issue concerns a Missing Authentication vulnerability in certain modes of Billion Electric routers. This vulnerability allows unauthenticated remote attackers to directly access specific functionality, obtaining partial device information, modifying the WiFi SSID, and restarting the device. The vulnerability is related to the absence of authentication for a critical function, which can be exploited by remote attackers to bypass security restrictions, gain unauthorized access to protected information, or cause a denial of service.
Recommendations:
For Billion Electric routers, upgrade the firmware immediately to mitigate the risk.
For Billion M100, upgrade the firmware to the latest version.
For Billion M150, upgrade the firmware to the latest version.
For Billion M120N, upgrade the firmware to the latest version.
For Billion M500, upgrade the firmware to the latest version.
As a temporary workaround, consider restricting access to the vulnerable functionality until a patch is available.
Avoid using the vulnerable routers until the issue is resolved.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Missing Authentication
Authentication Bypass Using an Alternate Path or Channel
Affected Products
Billion Electric Routers
Billion M100
Billion M120N
Billion M150
Billion M500