CVE-2024-11983— Billion Electric router - OS Command Injection

CVSS 7.2 · High EPSS 0.42% · P62 Updated Jan 25, 2025

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2024-11983

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

Billion Electric router - OS Command Injection

Source: NVD (National Vulnerability Database)

Vulnerability Description

Certain models of routers from Billion Electric has an OS Command Injection vulnerability, allowing remote attackers with administrator privileges to inject arbitrary system commands into a specific SSH function and execute them on the device.

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Source: NVD (National Vulnerability Database)

Vulnerability Type

OS命令中使用的特殊元素转义处理不恰当(OS命令注入)

Source: NVD (National Vulnerability Database)

Vulnerability Title

Billion Electric多款产品安全漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Billion Electric M100等都是中国盛达电业（Billion Electric）公司的一款无线路由器。 Billion Electric多款产品存在安全漏洞，该漏洞源于存在操作系统命令注入，拥有管理员权限的远程攻击者能够向特定SSH功能中注入任意系统命令，并在设备上执行。以下产品受到影响： M100、M150、M120N和M500。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE
Billion Electric	M100	1.04.1.592.* ~ 1.04.1.592.8	-
Billion Electric	M150	1.04.1.592.* ~ 1.04.1.592.8	-
Billion Electric	M120N	1.04.1.592.* ~ 1.04.1.592.8	-
Billion Electric	M500	1.04.1.592.* ~ 1.04.1.592.8	-

II. Public POCs for CVE-2024-11983

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2024-11983

请登录查看更多情报信息。

https://nvd.nist.gov/vuln/detail/CVE-2024-11983

Same Patch Batch · Billion Electric · 2024-11-29 · 4 CVEs total

CVE-2024-11980	8.6 HIGH	Billion Electric router - Missing Authentication
CVE-2024-11981	7.5 HIGH	Billion Electric router - Authentication Bypass
CVE-2024-11982	7.2 HIGH	Billion Electric router - Plaintext Storage of a Password

IV. Related Vulnerabilities

Same product: M100

Same vendor: Billion Electric

Same weakness: CWE-78

V. Comments for CVE-2024-11983

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2024-11983— Billion Electric router - OS Command Injection

I. Basic Information for CVE-2024-11983

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2024-11983

III. Intelligence Information for CVE-2024-11983

Same Patch Batch · Billion Electric · 2024-11-29 · 4 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2024-11983

Leave a comment