{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-11981", "assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e", "state": "PUBLISHED", "assignerShortName": "twcert", "dateReserved": "2024-11-29T01:52:19.267Z", "datePublished": "2024-11-29T06:21:31.476Z", "dateUpdated": "2024-11-29T14:31:52.528Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "M100", "vendor": "Billion Electric", "versions": [{"lessThan": "1.04.1.592.8", "status": "affected", "version": "1.04.1.592.*", "versionType": "custom"}, {"lessThan": "1.04.1.613.13", "status": "affected", "version": "1.04.1.613.*", "versionType": "custom"}, {"lessThan": "1.04.1.675", "status": "affected", "version": "1.04.1.*", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "M150", "vendor": "Billion Electric", "versions": [{"lessThan": "1.04.1.592.8", "status": "affected", "version": "1.04.1.592.*", "versionType": "custom"}, {"lessThan": "1.04.1.613.13", "status": "affected", "version": "1.04.1.613.*", "versionType": "custom"}, {"lessThan": "1.04.1.675", "status": "affected", "version": "1.04.1.*", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "M120N", "vendor": "Billion Electric", "versions": [{"lessThan": "1.04.1.592.8", "status": "affected", "version": "1.04.1.592.*", "versionType": "custom"}, {"lessThan": "1.04.1.613.13", "status": "affected", "version": "1.04.1.613.*", "versionType": "custom"}, {"lessThan": "1.04.1.675", "status": "affected", "version": "1.04.1.*", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "M500", "vendor": "Billion Electric", "versions": [{"lessThan": "1.04.1.592.8", "status": "affected", "version": "1.04.1.592.*", "versionType": "custom"}, {"lessThan": "1.04.1.613.13", "status": "affected", "version": "1.04.1.613.*", "versionType": "custom"}, {"lessThan": "1.04.1.675", "status": "affected", "version": "1.04.1.*", "versionType": "custom"}]}], "datePublic": "2024-11-29T06:16:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">Certain models of routers from Billion Electric has an Authentication Bypass vulnerability, allowing unautheticated attackers to retrive contents of arbitrary web pages.</span>"}], "value": "Certain models of routers from Billion Electric has an Authentication Bypass vulnerability, allowing unautheticated attackers to retrive contents of arbitrary web pages."}], "impacts": [{"capecId": "CAPEC-37", "descriptions": [{"lang": "en", "value": "CAPEC-37 Retrieve Embedded Sensitive Data"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-288", "description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e", "shortName": "twcert", "dateUpdated": "2024-11-29T06:29:10.735Z"}, "references": [{"tags": ["third-party-advisory"], "url": "https://www.twcert.org.tw/tw/cp-132-8275-50f42-1.html"}, {"tags": ["third-party-advisory"], "url": "https://www.twcert.org.tw/en/cp-139-8276-1defb-2.html"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "For firmware version 1.04.1.592.x, please update to 1.04.1.592.8 or later.<br>For firmware version 1.04.1.613.x, please update to 1.04.1.613.13 or later.<br>For all other firmware version 1.04.1.x, please update to 1.04.1.675 or later.<br>"}], "value": "For firmware version 1.04.1.592.x, please update to 1.04.1.592.8 or later.\nFor firmware version 1.04.1.613.x, please update to 1.04.1.613.13 or later.\nFor all other firmware version 1.04.1.x, please update to 1.04.1.675 or later."}], "source": {"advisory": "TVN-202411026", "discovery": "EXTERNAL"}, "title": "Billion Electric router - Authentication Bypass", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"affected": [{"vendor": "billion_electric", "product": "m100", "cpes": ["cpe:2.3:a:billion_electric:m100:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "1.04.1.592.*", "status": "affected", "lessThan": "1.04.1.592.8", "versionType": "custom"}, {"version": "1.04.1.613.*", "status": "affected", "lessThan": "1.04.1.613.13", "versionType": "custom"}, {"version": "1.04.1.* <", "status": "affected", "lessThan": "1.04.1.675", "versionType": "custom"}]}, {"vendor": "billion_electric", "product": "m150", "cpes": ["cpe:2.3:a:billion_electric:m150:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "1.04.1.592.*", "status": "affected", "lessThan": "1.04.1.592.8", "versionType": "custom"}, {"version": "1.04.1.613.*", "status": "affected", "lessThan": "1.04.1.613.13", "versionType": "custom"}, {"version": "1.04.1.* <", "status": "affected", "lessThan": "1.04.1.675", "versionType": "custom"}]}, {"vendor": "billion_electric", "product": "m120n", "cpes": ["cpe:2.3:a:billion_electric:m120n:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "1.04.1.592.*", "status": "affected", "lessThan": "1.04.1.592.8", "versionType": "custom"}, {"version": "1.04.1.613.*", "status": "affected", "lessThan": "1.04.1.613.13", "versionType": "custom"}, {"version": "1.04.1.* <", "status": "affected", "lessThan": "1.04.1.675", "versionType": "custom"}]}, {"vendor": "billion_electric", "product": "m500", "cpes": ["cpe:2.3:a:billion_electric:m500:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "1.04.1.592.*", "status": "affected", "lessThan": "1.04.1.592.8", "versionType": "custom"}, {"version": "1.04.1.613.*", "status": "affected", "lessThan": "1.04.1.613.13", "versionType": "custom"}, {"version": "1.04.1.* <", "status": "affected", "lessThan": "1.04.1.675", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-11-29T14:25:30.745734Z", "id": "CVE-2024-11981", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-29T14:31:52.528Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-11981", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-11-29T14:25:30.745734Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:billion_electric:m100:*:*:*:*:*:*:*:*"], "vendor": "billion_electric", "product": "m100", "versions": [{"status": "affected", "version": "1.04.1.592.*", "lessThan": "1.04.1.592.8", "versionType": "custom"}, {"status": "affected", "version": "1.04.1.613.*", "lessThan": "1.04.1.613.13", "versionType": "custom"}, {"status": "affected", "version": "1.04.1.* <", "lessThan": "1.04.1.675", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:billion_electric:m150:*:*:*:*:*:*:*:*"], "vendor": "billion_electric", "product": "m150", "versions": [{"status": "affected", "version": "1.04.1.592.*", "lessThan": "1.04.1.592.8", "versionType": "custom"}, {"status": "affected", "version": "1.04.1.613.*", "lessThan": "1.04.1.613.13", "versionType": "custom"}, {"status": "affected", "version": "1.04.1.* <", "lessThan": "1.04.1.675", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:billion_electric:m120n:*:*:*:*:*:*:*:*"], "vendor": "billion_electric", "product": "m120n", "versions": [{"status": "affected", "version": "1.04.1.592.*", "lessThan": "1.04.1.592.8", "versionType": "custom"}, {"status": "affected", "version": "1.04.1.613.*", "lessThan": "1.04.1.613.13", "versionType": "custom"}, {"status": "affected", "version": "1.04.1.* <", "lessThan": "1.04.1.675", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:billion_electric:m500:*:*:*:*:*:*:*:*"], "vendor": "billion_electric", "product": "m500", "versions": [{"status": "affected", "version": "1.04.1.592.*", "lessThan": "1.04.1.592.8", "versionType": "custom"}, {"status": "affected", "version": "1.04.1.613.*", "lessThan": "1.04.1.613.13", "versionType": "custom"}, {"status": "affected", "version": "1.04.1.* <", "lessThan": "1.04.1.675", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-29T14:31:41.458Z"}}], "cna": {"title": "Billion Electric router - Authentication Bypass", "source": {"advisory": "TVN-202411026", "discovery": "EXTERNAL"}, "impacts": [{"capecId": "CAPEC-37", "descriptions": [{"lang": "en", "value": "CAPEC-37 Retrieve Embedded Sensitive Data"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Billion Electric", "product": "M100", "versions": [{"status": "affected", "version": "1.04.1.592.*", "lessThan": "1.04.1.592.8", "versionType": "custom"}, {"status": "affected", "version": "1.04.1.613.*", "lessThan": "1.04.1.613.13", "versionType": "custom"}, {"status": "affected", "version": "1.04.1.*", "lessThan": "1.04.1.675", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Billion Electric", "product": "M150", "versions": [{"status": "affected", "version": "1.04.1.592.*", "lessThan": "1.04.1.592.8", "versionType": "custom"}, {"status": "affected", "version": "1.04.1.613.*", "lessThan": "1.04.1.613.13", "versionType": "custom"}, {"status": "affected", "version": "1.04.1.*", "lessThan": "1.04.1.675", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Billion Electric", "product": "M120N", "versions": [{"status": "affected", "version": "1.04.1.592.*", "lessThan": "1.04.1.592.8", "versionType": "custom"}, {"status": "affected", "version": "1.04.1.613.*", "lessThan": "1.04.1.613.13", "versionType": "custom"}, {"status": "affected", "version": "1.04.1.*", "lessThan": "1.04.1.675", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Billion Electric", "product": "M500", "versions": [{"status": "affected", "version": "1.04.1.592.*", "lessThan": "1.04.1.592.8", "versionType": "custom"}, {"status": "affected", "version": "1.04.1.613.*", "lessThan": "1.04.1.613.13", "versionType": "custom"}, {"status": "affected", "version": "1.04.1.*", "lessThan": "1.04.1.675", "versionType": "custom"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "For firmware version 1.04.1.592.x, please update to 1.04.1.592.8 or later.\nFor firmware version 1.04.1.613.x, please update to 1.04.1.613.13 or later.\nFor all other firmware version 1.04.1.x, please update to 1.04.1.675 or later.", "supportingMedia": [{"type": "text/html", "value": "For firmware version 1.04.1.592.x, please update to 1.04.1.592.8 or later.<br>For firmware version 1.04.1.613.x, please update to 1.04.1.613.13 or later.<br>For all other firmware version 1.04.1.x, please update to 1.04.1.675 or later.<br>", "base64": false}]}], "datePublic": "2024-11-29T06:16:00.000Z", "references": [{"url": "https://www.twcert.org.tw/tw/cp-132-8275-50f42-1.html", "tags": ["third-party-advisory"]}, {"url": "https://www.twcert.org.tw/en/cp-139-8276-1defb-2.html", "tags": ["third-party-advisory"]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Certain models of routers from Billion Electric has an Authentication Bypass vulnerability, allowing unautheticated attackers to retrive contents of arbitrary web pages.", "supportingMedia": [{"type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">Certain models of routers from Billion Electric has an Authentication Bypass vulnerability, allowing unautheticated attackers to retrive contents of arbitrary web pages.</span>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-288", "description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel"}]}], "providerMetadata": {"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e", "shortName": "twcert", "dateUpdated": "2024-11-29T06:29:10.735Z"}}}, "cveMetadata": {"cveId": "CVE-2024-11981", "state": "PUBLISHED", "dateUpdated": "2024-11-29T14:31:52.528Z", "dateReserved": "2024-11-29T01:52:19.267Z", "assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e", "datePublished": "2024-11-29T06:21:31.476Z", "assignerShortName": "twcert"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Certain models of routers from Billion Electric has an Authentication Bypass vulnerability, allowing unautheticated attackers to retrive contents of arbitrary web pages."}], "id": "CVE-2024-11981", "lastModified": "2024-11-29T07:15:05.760", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "twcert@cert.org.tw", "type": "Primary"}]}, "published": "2024-11-29T07:15:05.760", "references": [{"source": "twcert@cert.org.tw", "url": "https://www.twcert.org.tw/en/cp-139-8276-1defb-2.html"}, {"source": "twcert@cert.org.tw", "url": "https://www.twcert.org.tw/tw/cp-132-8275-50f42-1.html"}], "sourceIdentifier": "twcert@cert.org.tw", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-288"}], "source": "twcert@cert.org.tw", "type": "Primary"}]}

{}