{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-11980", "assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e", "state": "PUBLISHED", "assignerShortName": "twcert", "dateReserved": "2024-11-29T01:52:18.057Z", "datePublished": "2024-11-29T06:03:04.983Z", "dateUpdated": "2024-11-29T14:40:54.541Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "M100", "vendor": "Billion Electric", "versions": [{"lessThan": "1.04.1.592.8", "status": "affected", "version": "1.04.1.592.*", "versionType": "custom"}, {"lessThan": "1.04.613.13", "status": "affected", "version": "1.04.1.613.*", "versionType": "custom"}, {"lessThan": "1.04.1.675", "status": "affected", "version": "1.04.1.*", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "M150", "vendor": "Billion Electric", "versions": [{"lessThan": "1.04.1.592.8", "status": "affected", "version": "1.04.1.592.*", "versionType": "custom"}, {"lessThan": "1.04.613.13", "status": "affected", "version": "1.04.1.613.*", "versionType": "custom"}, {"lessThan": "1.04.1.675", "status": "affected", "version": "1.04.1.*", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "M120N", "vendor": "Billion Electric", "versions": [{"lessThan": "1.04.1.592.8", "status": "affected", "version": "1.04.1.592.*", "versionType": "custom"}, {"lessThan": "1.04.613.13", "status": "affected", "version": "1.04.1.613.*", "versionType": "custom"}, {"lessThan": "1.04.1.675", "status": "affected", "version": "1.04.1.*", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "M500", "vendor": "Billion Electric", "versions": [{"lessThan": "1.04.1.592.8", "status": "affected", "version": "1.04.1.592.*", "versionType": "custom"}, {"lessThan": "1.04.613.13", "status": "affected", "version": "1.04.1.613.*", "versionType": "custom"}, {"lessThan": "1.04.1.675", "status": "affected", "version": "1.04.1.*", "versionType": "custom"}]}], "datePublic": "2024-11-29T05:51:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Certain modes of routers from Billion Electric have a Missing Authentication vulnerability, allowing unauthenticated remote attackers to directly access the specific functionality to obtain partial device information, modify the WiFi SSID, and restart the device.<br>"}], "value": "Certain modes of routers from Billion Electric have a Missing Authentication vulnerability, allowing unauthenticated remote attackers to directly access the specific functionality to obtain partial device information, modify the WiFi SSID, and restart the device."}], "impacts": [{"capecId": "CAPEC-37", "descriptions": [{"lang": "en", "value": "CAPEC-37 Retrieve Embedded Sensitive Data"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-306", "description": "CWE-306 Missing Authentication for Critical Function", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e", "shortName": "twcert", "dateUpdated": "2024-11-29T08:39:12.739Z"}, "references": [{"tags": ["third-party-advisory"], "url": "https://www.twcert.org.tw/tw/cp-132-8273-95a07-1.html"}, {"tags": ["third-party-advisory"], "url": "https://www.twcert.org.tw/en/cp-139-8274-01e55-2.html"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "For firmware version 1.04.1.592.x, please update to 1.04.1.592.8 or later.<br>For firmware version 1.04.1.613.x, please update to 1.04.1.613.13 or later.<br>For all other firmware version 1.04.1.x, please update to 1.04.1.675 or later.<br>"}], "value": "For firmware version 1.04.1.592.x, please update to 1.04.1.592.8 or later.\nFor firmware version 1.04.1.613.x, please update to 1.04.1.613.13 or later.\nFor all other firmware version 1.04.1.x, please update to 1.04.1.675 or later."}], "source": {"advisory": "TVN-202411025", "discovery": "EXTERNAL"}, "title": "Billion Electric router - Missing Authentication", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"affected": [{"vendor": "billion_electric", "product": "m150", "cpes": ["cpe:2.3:a:billion_electric:m150:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "1.04.1.592.*", "status": "affected", "lessThan": "1.04.1.592.8", "versionType": "custom"}, {"version": "1.04.1.613.*", "status": "affected", "lessThan": "1.04.613.13", "versionType": "custom"}, {"version": "1.04.1.* <", "status": "affected", "lessThan": "1.04.1.675", "versionType": "custom"}]}, {"vendor": "billion_electric", "product": "m150", "cpes": ["cpe:2.3:a:billion_electric:m150:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "1.04.1.592.*", "status": "affected", "lessThan": "1.04.1.592.8", "versionType": "custom"}, {"version": "1.04.1.613.*", "status": "affected", "lessThan": "1.04.613.13", "versionType": "custom"}, {"version": "1.04.1.* <", "status": "affected", "lessThan": "1.04.1.675", "versionType": "custom"}]}, {"vendor": "billion_electric", "product": "m120n", "cpes": ["cpe:2.3:a:billion_electric:m120n:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "1.04.1.592.*", "status": "affected", "lessThan": "1.04.1.592.8", "versionType": "custom"}, {"version": "1.04.1.613.*", "status": "affected", "lessThan": "1.04.613.13", "versionType": "custom"}, {"version": "1.04.1.* <", "status": "affected", "lessThan": "1.04.1.675", "versionType": "custom"}]}, {"vendor": "billion_electric", "product": "m500", "cpes": ["cpe:2.3:a:billion_electric:m500:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "1.04.1.592.*", "status": "affected", "lessThan": "1.04.1.592.8", "versionType": "custom"}, {"version": "1.04.1.613.*", "status": "affected", "lessThan": "1.04.613.13", "versionType": "custom"}, {"version": "1.04.1.* <", "status": "affected", "lessThan": "1.04.1.675", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-11-29T14:32:57.290762Z", "id": "CVE-2024-11980", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-29T14:40:54.541Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-11980", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-11-29T14:32:57.290762Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:billion_electric:m150:*:*:*:*:*:*:*:*"], "vendor": "billion_electric", "product": "m150", "versions": [{"status": "affected", "version": "1.04.1.592.*", "lessThan": "1.04.1.592.8", "versionType": "custom"}, {"status": "affected", "version": "1.04.1.613.*", "lessThan": "1.04.613.13", "versionType": "custom"}, {"status": "affected", "version": "1.04.1.* <", "lessThan": "1.04.1.675", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:billion_electric:m150:*:*:*:*:*:*:*:*"], "vendor": "billion_electric", "product": "m150", "versions": [{"status": "affected", "version": "1.04.1.592.*", "lessThan": "1.04.1.592.8", "versionType": "custom"}, {"status": "affected", "version": "1.04.1.613.*", "lessThan": "1.04.613.13", "versionType": "custom"}, {"status": "affected", "version": "1.04.1.* <", "lessThan": "1.04.1.675", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:billion_electric:m120n:*:*:*:*:*:*:*:*"], "vendor": "billion_electric", "product": "m120n", "versions": [{"status": "affected", "version": "1.04.1.592.*", "lessThan": "1.04.1.592.8", "versionType": "custom"}, {"status": "affected", "version": "1.04.1.613.*", "lessThan": "1.04.613.13", "versionType": "custom"}, {"status": "affected", "version": "1.04.1.* <", "lessThan": "1.04.1.675", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:billion_electric:m500:*:*:*:*:*:*:*:*"], "vendor": "billion_electric", "product": "m500", "versions": [{"status": "affected", "version": "1.04.1.592.*", "lessThan": "1.04.1.592.8", "versionType": "custom"}, {"status": "affected", "version": "1.04.1.613.*", "lessThan": "1.04.613.13", "versionType": "custom"}, {"status": "affected", "version": "1.04.1.* <", "lessThan": "1.04.1.675", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-29T14:40:45.800Z"}}], "cna": {"title": "Billion Electric router - Missing Authentication", "source": {"advisory": "TVN-202411025", "discovery": "EXTERNAL"}, "impacts": [{"capecId": "CAPEC-37", "descriptions": [{"lang": "en", "value": "CAPEC-37 Retrieve Embedded Sensitive Data"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.6, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Billion Electric", "product": "M100", "versions": [{"status": "affected", "version": "1.04.1.592.*", "lessThan": "1.04.1.592.8", "versionType": "custom"}, {"status": "affected", "version": "1.04.1.613.*", "lessThan": "1.04.613.13", "versionType": "custom"}, {"status": "affected", "version": "1.04.1.*", "lessThan": "1.04.1.675", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Billion Electric", "product": "M150", "versions": [{"status": "affected", "version": "1.04.1.592.*", "lessThan": "1.04.1.592.8", "versionType": "custom"}, {"status": "affected", "version": "1.04.1.613.*", "lessThan": "1.04.613.13", "versionType": "custom"}, {"status": "affected", "version": "1.04.1.*", "lessThan": "1.04.1.675", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Billion Electric", "product": "M120N", "versions": [{"status": "affected", "version": "1.04.1.592.*", "lessThan": "1.04.1.592.8", "versionType": "custom"}, {"status": "affected", "version": "1.04.1.613.*", "lessThan": "1.04.613.13", "versionType": "custom"}, {"status": "affected", "version": "1.04.1.*", "lessThan": "1.04.1.675", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Billion Electric", "product": "M500", "versions": [{"status": "affected", "version": "1.04.1.592.*", "lessThan": "1.04.1.592.8", "versionType": "custom"}, {"status": "affected", "version": "1.04.1.613.*", "lessThan": "1.04.613.13", "versionType": "custom"}, {"status": "affected", "version": "1.04.1.*", "lessThan": "1.04.1.675", "versionType": "custom"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "For firmware version 1.04.1.592.x, please update to 1.04.1.592.8 or later.\nFor firmware version 1.04.1.613.x, please update to 1.04.1.613.13 or later.\nFor all other firmware version 1.04.1.x, please update to 1.04.1.675 or later.", "supportingMedia": [{"type": "text/html", "value": "For firmware version 1.04.1.592.x, please update to 1.04.1.592.8 or later.<br>For firmware version 1.04.1.613.x, please update to 1.04.1.613.13 or later.<br>For all other firmware version 1.04.1.x, please update to 1.04.1.675 or later.<br>", "base64": false}]}], "datePublic": "2024-11-29T05:51:00.000Z", "references": [{"url": "https://www.twcert.org.tw/tw/cp-132-8273-95a07-1.html", "tags": ["third-party-advisory"]}, {"url": "https://www.twcert.org.tw/en/cp-139-8274-01e55-2.html", "tags": ["third-party-advisory"]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Certain modes of routers from Billion Electric have a Missing Authentication vulnerability, allowing unauthenticated remote attackers to directly access the specific functionality to obtain partial device information, modify the WiFi SSID, and restart the device.", "supportingMedia": [{"type": "text/html", "value": "Certain modes of routers from Billion Electric have a Missing Authentication vulnerability, allowing unauthenticated remote attackers to directly access the specific functionality to obtain partial device information, modify the WiFi SSID, and restart the device.<br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-306", "description": "CWE-306 Missing Authentication for Critical Function"}]}], "providerMetadata": {"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e", "shortName": "twcert", "dateUpdated": "2024-11-29T08:39:12.739Z"}}}, "cveMetadata": {"cveId": "CVE-2024-11980", "state": "PUBLISHED", "dateUpdated": "2024-11-29T14:40:54.541Z", "dateReserved": "2024-11-29T01:52:18.057Z", "assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e", "datePublished": "2024-11-29T06:03:04.983Z", "assignerShortName": "twcert"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Certain modes of routers from Billion Electric have a Missing Authentication vulnerability, allowing unauthenticated remote attackers to directly access the specific functionality to obtain partial device information, modify the WiFi SSID, and restart the device."}], "id": "CVE-2024-11980", "lastModified": "2024-11-29T09:15:04.197", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 4.7, "source": "twcert@cert.org.tw", "type": "Primary"}]}, "published": "2024-11-29T06:15:06.747", "references": [{"source": "twcert@cert.org.tw", "url": "https://www.twcert.org.tw/en/cp-139-8274-01e55-2.html"}, {"source": "twcert@cert.org.tw", "url": "https://www.twcert.org.tw/tw/cp-132-8273-95a07-1.html"}], "sourceIdentifier": "twcert@cert.org.tw", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-306"}], "source": "twcert@cert.org.tw", "type": "Secondary"}]}

{}