{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2024-11983",
"ASSIGNER": "cve@cert.org.tw",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Certain models of routers from Billion Electric has an OS Command Injection vulnerability, allowing remote attackers with administrator privileges to inject arbitrary system commands into a specific SSH function and execute them on the device."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')",
"cweId": "CWE-78"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Billion Electric",
"product": {
"product_data": [
{
"product_name": "M100",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1.04.1.592.*",
"version_value": "1.04.1.592.8"
},
{
"version_affected": "<",
"version_name": "1.04.1.613.*",
"version_value": "1.04.1.613.13"
},
{
"version_affected": "<",
"version_name": "1.04.1.*",
"version_value": "1.04.1.675"
}
]
}
},
{
"product_name": "M150",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1.04.1.592.*",
"version_value": "1.04.1.592.8"
},
{
"version_affected": "<",
"version_name": "1.04.1.613.*",
"version_value": "1.04.1.613.13"
},
{
"version_affected": "<",
"version_name": "1.04.1.*",
"version_value": "1.04.1.675"
}
]
}
},
{
"product_name": "M120N",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1.04.1.592.*",
"version_value": "1.04.1.592.8"
},
{
"version_affected": "<",
"version_name": "1.04.1.613.*",
"version_value": "1.04.1.613.13"
},
{
"version_affected": "<",
"version_name": "1.04.1.*",
"version_value": "1.04.1.675"
}
]
}
},
{
"product_name": "M500",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1.04.1.592.*",
"version_value": "1.04.1.592.8"
},
{
"version_affected": "<",
"version_name": "1.04.1.613.*",
"version_value": "1.04.1.613.13"
},
{
"version_affected": "<",
"version_name": "1.04.1.*",
"version_value": "1.04.1.675"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.twcert.org.tw/tw/cp-132-8279-bf67e-1.html",
"refsource": "MISC",
"name": "https://www.twcert.org.tw/tw/cp-132-8279-bf67e-1.html"
},
{
"url": "https://www.twcert.org.tw/en/cp-139-8280-ae6e1-2.html",
"refsource": "MISC",
"name": "https://www.twcert.org.tw/en/cp-139-8280-ae6e1-2.html"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"advisory": "TVN-202411028",
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "For firmware version 1.04.1.592.x, please update to 1.04.1.592.8 or later.
For firmware version 1.04.1.613.x, please update to 1.04.1.613.13 or later.
For all other firmware version 1.04.1.x, please update to 1.04.1.675 or later.
"
}
],
"value": "For firmware version 1.04.1.592.x, please update to 1.04.1.592.8 or later.\nFor firmware version 1.04.1.613.x, please update to 1.04.1.613.13 or later.\nFor all other firmware version 1.04.1.x, please update to 1.04.1.675 or later."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}
}