CVE-2024-11983

Billion Electric router - OS Command Injection

CVSS 7.2 HIGHEPSS 1.1%CWE-78

Vexday Risk Score

21Bajo

Decisión SSVC (CISA)

Track

Sin señal de explotación → monitorear

CVSS 7.2EPSS 1.1%KEV nãoPoC —Patch —

Ciclo de vida

29 nov 2024Publicada en NVD

Recomendación: Monitorear — sin señal de explotación por ahora.

Certain models of routers from Billion Electric has an OS Command Injection vulnerability, allowing remote attackers with administrator privileges to inject arbitrary system commands into a specific SSH function and execute them on the device.

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Productos afectados

Billion Electric · M100 Billion Electric · M120N Billion Electric · M150 Billion Electric · M500

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://www.twcert.org.tw/en/cp-139-8280-ae6e1-2.html https://www.twcert.org.tw/tw/cp-132-8279-bf67e-1.html