CVE-2025-1143 HIGH

CVE-2025-1143: Billion Electric M120N - Use of Hard-coded Credentials

Vendor Billion Electric
Product M100
Weakness CWE-798 · Hardcoded credentials
Published February 11, 2025
Last update February 18, 2025

CVSS base score

8.4/10
Attack vector Local
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

Certain models of routers from Billion Electric has hard-coded embedded linux credentials, allowing attackers to log in through the SSH service using these credentials and obtain root privilege of the system.

Key dates

02Disclosure timeline

February 11, 2025 CVE published
February 18, 2025 Record updated