PT-2025-6145 · Billion Electric · Billion Electric Routers
Chiao-Lin Yu
Published: 2025-02-11 · Updated: 2025-02-16
CVE-2025-1143
CVSS v3.1: 8.4 (High)
Vector: AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions:
Billion Electric routers (affected versions not specified)
Billion Electric M100 version 1.04.1.159.*
Billion Electric M150 (no specific version mentioned)
Billion Electric M120N (no specific version mentioned)
Billion Electric M500 (no specific version mentioned)
Description:
Certain models of Billion Electric routers contain hard-coded embedded Linux credentials. Attackers can log in through the SSH service using these credentials and obtain root privileges on the system. The vulnerability can be exploited to gain unauthorized access to the system. The affected devices are typically used in industrial environments.
Recommendations:
For Billion Electric routers, update the firmware to the latest version to fix the issue.
For Billion Electric M100 version 1.04.1.159.*, update the firmware to a version later than 1.04.1.159.*.
For Billion Electric M150, M120N, and M500, apply the available firmware updates to secure the devices.
As a temporary workaround, consider restricting access to the SSH service until a patch is available.
Avoid using the hard-coded credentials in the SSH service until the issue is resolved.
Fix
Using Hardcoded Credentials
Affected Products
Billion Electric M100
Billion Electric M120N
Billion Electric M150
Billion Electric M500
Billion Electric Routers