CVE-2024-11980 HIGH

CVE-2024-11980: Billion Electric router - Missing Authentication

Vendor Billion Electric
Product M100
Weakness CWE-306 · Missing auth
Published November 29, 2024
Last update November 29, 2024

CVSS base score

8.6/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

What the vulnerability does

01Description

Certain modes of routers from Billion Electric have a Missing Authentication vulnerability, allowing unauthenticated remote attackers to directly access the specific functionality to obtain partial device information, modify the WiFi SSID, and restart the device.

Key dates

02Disclosure timeline

November 29, 2024 CVE published
November 29, 2024 Record updated