{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-11982", "assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e", "state": "PUBLISHED", "assignerShortName": "twcert", "dateReserved": "2024-11-29T01:52:20.686Z", "datePublished": "2024-11-29T06:45:33.819Z", "dateUpdated": "2024-11-29T14:22:56.724Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "M100", "vendor": "Billion Electric", "versions": [{"lessThan": "1.04.1.592.8", "status": "affected", "version": "1.04.1.592.*", "versionType": "custom"}, {"lessThan": "1.04.1.613.13", "status": "affected", "version": "1.04.1.613.*", "versionType": "custom"}, {"lessThan": "1.04.1.675", "status": "affected", "version": "1.04.1.*", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "M150", "vendor": "Billion Electric", "versions": [{"lessThan": "1.04.1.592.8", "status": "affected", "version": "1.04.1.592.*", "versionType": "custom"}, {"lessThan": "1.04.1.613.13", "status": "affected", "version": "1.04.1.613.*", "versionType": "custom"}, {"lessThan": "1.04.1.675", "status": "affected", "version": "1.04.1.*", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "M120N", "vendor": "Billion Electric", "versions": [{"lessThan": "1.04.1.592.8", "status": "affected", "version": "1.04.1.592.*", "versionType": "custom"}, {"lessThan": "1.04.1.613.13", "status": "affected", "version": "1.04.1.613.*", "versionType": "custom"}, {"lessThan": "1.04.1.675", "status": "affected", "version": "1.04.1.*", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "M500", "vendor": "Billion Electric", "versions": [{"lessThan": "1.04.1.592.8", "status": "affected", "version": "1.04.1.592.*", "versionType": "custom"}, {"lessThan": "1.04.1.613.13", "status": "affected", "version": "1.04.1.613.*", "versionType": "custom"}, {"lessThan": "1.04.1.675", "status": "affected", "version": "1.04.1.*", "versionType": "custom"}]}], "datePublic": "2024-11-29T06:37:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">Certain models of routers from Billion Electric has a Plaintext Storage of a Password vulnerability. Remote attackers with administrator privileges can access the user settings page to retrieve plaintext passwords.</span>"}], "value": "Certain models of routers from Billion Electric has a Plaintext Storage of a Password vulnerability. Remote attackers with administrator privileges can access the user settings page to retrieve plaintext passwords."}], "impacts": [{"capecId": "CAPEC-37", "descriptions": [{"lang": "en", "value": "CAPEC-37 Retrieve Embedded Sensitive Data"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-256", "description": "CWE-256 Plaintext Storage of a Password", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e", "shortName": "twcert", "dateUpdated": "2024-11-29T06:58:03.281Z"}, "references": [{"tags": ["third-party-advisory"], "url": "https://www.twcert.org.tw/tw/cp-132-8277-88b20-1.html"}, {"tags": ["third-party-advisory"], "url": "https://www.twcert.org.tw/en/cp-139-8278-cb581-2.html"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "For firmware version 1.04.1.592.x, please update to 1.04.1.592.8 or later.<br>For firmware version 1.04.1.613.x, please update to 1.04.1.613.13 or later.<br>For all other firmware version 1.04.1.x, please update to 1.04.1.675 or later.<br>"}], "value": "For firmware version 1.04.1.592.x, please update to 1.04.1.592.8 or later.\nFor firmware version 1.04.1.613.x, please update to 1.04.1.613.13 or later.\nFor all other firmware version 1.04.1.x, please update to 1.04.1.675 or later."}], "source": {"advisory": "TVN-202411027", "discovery": "EXTERNAL"}, "title": "Billion Electric router - Plaintext Storage of a Password", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"affected": [{"vendor": "billion_electric", "product": "m100", "cpes": ["cpe:2.3:a:billion_electric:m100:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "1.04.1.592.*", "status": "affected", "lessThan": "1.04.1.592.8", "versionType": "custom"}, {"version": "1.04.1.613.*", "status": "affected", "lessThan": "1.04.1.613.13", "versionType": "custom"}, {"version": "1.04.1.* <", "status": "affected", "lessThan": "1.04.1.675", "versionType": "custom"}]}, {"vendor": "billion_electric", "product": "m150", "cpes": ["cpe:2.3:a:billion_electric:m150:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "1.04.1.592.*", "status": "affected", "lessThan": "1.04.1.592.8", "versionType": "custom"}, {"version": "1.04.1.613.*", "status": "affected", "lessThan": "1.04.1.613.13", "versionType": "custom"}, {"version": "1.04.1.* <", "status": "affected", "lessThan": "1.04.1.675", "versionType": "custom"}]}, {"vendor": "billion_electric", "product": "m120n", "cpes": ["cpe:2.3:a:billion_electric:m120n:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "1.04.1.592.*", "status": "affected", "lessThan": "1.04.1.592.8", "versionType": "custom"}, {"version": "1.04.1.613.*", "status": "affected", "lessThan": "1.04.1.613.13", "versionType": "custom"}, {"version": "1.04.1.*", "status": "affected", "lessThan": "1.04.1.675", "versionType": "custom"}]}, {"vendor": "billion_electric", "product": "m500", "cpes": ["cpe:2.3:a:billion_electric:m500:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "1.04.1.592.*", "status": "affected", "lessThan": "1.04.1.592.8", "versionType": "custom"}, {"version": "1.04.1.613.*", "status": "affected", "lessThan": "1.04.1.613.13", "versionType": "custom"}, {"version": "1.04.1.* <", "status": "affected", "lessThan": "1.04.1.675", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-11-29T14:11:33.338160Z", "id": "CVE-2024-11982", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-29T14:22:56.724Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-11982", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-11-29T14:11:33.338160Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:billion_electric:m100:*:*:*:*:*:*:*:*"], "vendor": "billion_electric", "product": "m100", "versions": [{"status": "affected", "version": "1.04.1.592.*", "lessThan": "1.04.1.592.8", "versionType": "custom"}, {"status": "affected", "version": "1.04.1.613.*", "lessThan": "1.04.1.613.13", "versionType": "custom"}, {"status": "affected", "version": "1.04.1.* <", "lessThan": "1.04.1.675", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:billion_electric:m150:*:*:*:*:*:*:*:*"], "vendor": "billion_electric", "product": "m150", "versions": [{"status": "affected", "version": "1.04.1.592.*", "lessThan": "1.04.1.592.8", "versionType": "custom"}, {"status": "affected", "version": "1.04.1.613.*", "lessThan": "1.04.1.613.13", "versionType": "custom"}, {"status": "affected", "version": "1.04.1.* <", "lessThan": "1.04.1.675", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:billion_electric:m120n:*:*:*:*:*:*:*:*"], "vendor": "billion_electric", "product": "m120n", "versions": [{"status": "affected", "version": "1.04.1.592.*", "lessThan": "1.04.1.592.8", "versionType": "custom"}, {"status": "affected", "version": "1.04.1.613.*", "lessThan": "1.04.1.613.13", "versionType": "custom"}, {"status": "affected", "version": "1.04.1.*", "lessThan": "1.04.1.675", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:billion_electric:m500:*:*:*:*:*:*:*:*"], "vendor": "billion_electric", "product": "m500", "versions": [{"status": "affected", "version": "1.04.1.592.*", "lessThan": "1.04.1.592.8", "versionType": "custom"}, {"status": "affected", "version": "1.04.1.613.*", "lessThan": "1.04.1.613.13", "versionType": "custom"}, {"status": "affected", "version": "1.04.1.* <", "lessThan": "1.04.1.675", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-29T14:22:37.889Z"}}], "cna": {"title": "Billion Electric router - Plaintext Storage of a Password", "source": {"advisory": "TVN-202411027", "discovery": "EXTERNAL"}, "impacts": [{"capecId": "CAPEC-37", "descriptions": [{"lang": "en", "value": "CAPEC-37 Retrieve Embedded Sensitive Data"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Billion Electric", "product": "M100", "versions": [{"status": "affected", "version": "1.04.1.592.*", "lessThan": "1.04.1.592.8", "versionType": "custom"}, {"status": "affected", "version": "1.04.1.613.*", "lessThan": "1.04.1.613.13", "versionType": "custom"}, {"status": "affected", "version": "1.04.1.*", "lessThan": "1.04.1.675", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Billion Electric", "product": "M150", "versions": [{"status": "affected", "version": "1.04.1.592.*", "lessThan": "1.04.1.592.8", "versionType": "custom"}, {"status": "affected", "version": "1.04.1.613.*", "lessThan": "1.04.1.613.13", "versionType": "custom"}, {"status": "affected", "version": "1.04.1.*", "lessThan": "1.04.1.675", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Billion Electric", "product": "M120N", "versions": [{"status": "affected", "version": "1.04.1.592.*", "lessThan": "1.04.1.592.8", "versionType": "custom"}, {"status": "affected", "version": "1.04.1.613.*", "lessThan": "1.04.1.613.13", "versionType": "custom"}, {"status": "affected", "version": "1.04.1.*", "lessThan": "1.04.1.675", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Billion Electric", "product": "M500", "versions": [{"status": "affected", "version": "1.04.1.592.*", "lessThan": "1.04.1.592.8", "versionType": "custom"}, {"status": "affected", "version": "1.04.1.613.*", "lessThan": "1.04.1.613.13", "versionType": "custom"}, {"status": "affected", "version": "1.04.1.*", "lessThan": "1.04.1.675", "versionType": "custom"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "For firmware version 1.04.1.592.x, please update to 1.04.1.592.8 or later.\nFor firmware version 1.04.1.613.x, please update to 1.04.1.613.13 or later.\nFor all other firmware version 1.04.1.x, please update to 1.04.1.675 or later.", "supportingMedia": [{"type": "text/html", "value": "For firmware version 1.04.1.592.x, please update to 1.04.1.592.8 or later.<br>For firmware version 1.04.1.613.x, please update to 1.04.1.613.13 or later.<br>For all other firmware version 1.04.1.x, please update to 1.04.1.675 or later.<br>", "base64": false}]}], "datePublic": "2024-11-29T06:37:00.000Z", "references": [{"url": "https://www.twcert.org.tw/tw/cp-132-8277-88b20-1.html", "tags": ["third-party-advisory"]}, {"url": "https://www.twcert.org.tw/en/cp-139-8278-cb581-2.html", "tags": ["third-party-advisory"]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Certain models of routers from Billion Electric has a Plaintext Storage of a Password vulnerability. Remote attackers with administrator privileges can access the user settings page to retrieve plaintext passwords.", "supportingMedia": [{"type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">Certain models of routers from Billion Electric has a Plaintext Storage of a Password vulnerability. Remote attackers with administrator privileges can access the user settings page to retrieve plaintext passwords.</span>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-256", "description": "CWE-256 Plaintext Storage of a Password"}]}], "providerMetadata": {"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e", "shortName": "twcert", "dateUpdated": "2024-11-29T06:58:03.281Z"}}}, "cveMetadata": {"cveId": "CVE-2024-11982", "state": "PUBLISHED", "dateUpdated": "2024-11-29T14:22:56.724Z", "dateReserved": "2024-11-29T01:52:20.686Z", "assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e", "datePublished": "2024-11-29T06:45:33.819Z", "assignerShortName": "twcert"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Certain models of routers from Billion Electric has a Plaintext Storage of a Password vulnerability. Remote attackers with administrator privileges can access the user settings page to retrieve plaintext passwords."}], "id": "CVE-2024-11982", "lastModified": "2024-11-29T08:15:04.580", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "twcert@cert.org.tw", "type": "Primary"}]}, "published": "2024-11-29T08:15:04.580", "references": [{"source": "twcert@cert.org.tw", "url": "https://www.twcert.org.tw/en/cp-139-8278-cb581-2.html"}, {"source": "twcert@cert.org.tw", "url": "https://www.twcert.org.tw/tw/cp-132-8277-88b20-1.html"}], "sourceIdentifier": "twcert@cert.org.tw", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-256"}], "source": "twcert@cert.org.tw", "type": "Primary"}]}

{}