PT-2024-8937 · Billion Electric · Billion Electric Routers

Chiao-Lin Yu +1 · Published 2024-11-29 · Updated 2024-12-04 · CVE-2024-11982

CVSS v2.0: 9.0 (High)
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: Billion Electric routers (affected versions not specified)

Description: The issue is a plaintext password storage vulnerability. Remote attackers with administrator privileges can access the user settings page to retrieve passwords in plaintext. This could allow an unauthorized party to gain access to protected information.

Recommendations: For all affected versions, consider restricting access to the user settings page until a fix is available. As a temporary workaround, avoid using the password variable in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Related Identifiers

BDU:2024-10612
CVE-2024-11982

Affected Products

Billion Electric Routers