Billion Electric’s 4G/LTE routers have been found to suffer from a critical security flaw, CVE-2024-11980, which allows unauthenticated remote attackers to access device information and restart the router. The vulnerability is rated CVSS 10, one of the highest severity levels.
The affected models include M100, M150, M120N, and M500 routers. Billion has released firmware updates to address this issue, and users are advised to apply the patches immediately if they think they may be affected.
Additionally, these routers were found to have three other vulnerabilities: CVE-2024-11981 (Authentication Bypass), CVE-2024-11982 (Plaintext Storage of a Password), and CVE-2024-11983 (OS Command Injection). These flaws allow attackers to inject code, access arbitrary web pages, and modify the router’s SSID.
Billion has taken steps to address these issues by releasing new firmware for the affected models. This is a more user-friendly approach than offering discounts on purchasing new devices, as seen in some other manufacturers’ policies.
Users are advised to update their routers to the new firmware as soon as possible. The vulnerabilities were discovered by Chiao-Lin Yu (Steven Meow) and have been fixed by Billion Electric.
Source: https://www.tomshardware.com/networking/billion-electric-4g-lte-routers-patched-to-plug-catastrophic-cvss-level-10-severity-flaw