{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-11983", "assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e", "state": "PUBLISHED", "assignerShortName": "twcert", "dateReserved": "2024-11-29T01:52:22.084Z", "datePublished": "2024-11-29T06:57:24.047Z", "dateUpdated": "2024-11-29T14:10:39.561Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "M100", "vendor": "Billion Electric", "versions": [{"lessThan": "1.04.1.592.8", "status": "affected", "version": "1.04.1.592.*", "versionType": "custom"}, {"lessThan": "1.04.1.613.13", "status": "affected", "version": "1.04.1.613.*", "versionType": "custom"}, {"lessThan": "1.04.1.675", "status": "affected", "version": "1.04.1.*", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "M150", "vendor": "Billion Electric", "versions": [{"lessThan": "1.04.1.592.8", "status": "affected", "version": "1.04.1.592.*", "versionType": "custom"}, {"lessThan": "1.04.1.613.13", "status": "affected", "version": "1.04.1.613.*", "versionType": "custom"}, {"lessThan": "1.04.1.675", "status": "affected", "version": "1.04.1.*", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "M120N", "vendor": "Billion Electric", "versions": [{"lessThan": "1.04.1.592.8", "status": "affected", "version": "1.04.1.592.*", "versionType": "custom"}, {"lessThan": "1.04.1.613.13", "status": "affected", "version": "1.04.1.613.*", "versionType": "custom"}, {"lessThan": "1.04.1.675", "status": "affected", "version": "1.04.1.*", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "M500", "vendor": "Billion Electric", "versions": [{"lessThan": "1.04.1.592.8", "status": "affected", "version": "1.04.1.592.*", "versionType": "custom"}, {"lessThan": "1.04.1.613.13", "status": "affected", "version": "1.04.1.613.*", "versionType": "custom"}, {"lessThan": "1.04.1.675", "status": "affected", "version": "1.04.1.*", "versionType": "custom"}]}], "datePublic": "2024-11-29T06:53:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Certain models of routers from Billion Electric has an OS Command Injection vulnerability, allowing remote attackers with administrator privileges to inject arbitrary system commands into a specific SSH function and execute them on the device."}], "value": "Certain models of routers from Billion Electric has an OS Command Injection vulnerability, allowing remote attackers with administrator privileges to inject arbitrary system commands into a specific SSH function and execute them on the device."}], "impacts": [{"capecId": "CAPEC-88", "descriptions": [{"lang": "en", "value": "CAPEC-88 OS Command Injection"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-78", "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e", "shortName": "twcert", "dateUpdated": "2024-11-29T06:57:24.047Z"}, "references": [{"tags": ["third-party-advisory"], "url": "https://www.twcert.org.tw/tw/cp-132-8279-bf67e-1.html"}, {"tags": ["third-party-advisory"], "url": "https://www.twcert.org.tw/en/cp-139-8280-ae6e1-2.html"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "For firmware version 1.04.1.592.x, please update to 1.04.1.592.8 or later.<br>For firmware version 1.04.1.613.x, please update to 1.04.1.613.13 or later.<br>For all other firmware version 1.04.1.x, please update to 1.04.1.675 or later.<br>"}], "value": "For firmware version 1.04.1.592.x, please update to 1.04.1.592.8 or later.\nFor firmware version 1.04.1.613.x, please update to 1.04.1.613.13 or later.\nFor all other firmware version 1.04.1.x, please update to 1.04.1.675 or later."}], "source": {"advisory": "TVN-202411028", "discovery": "EXTERNAL"}, "title": "Billion Electric router - OS Command Injection", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"affected": [{"vendor": "billion_electric", "product": "m100", "cpes": ["cpe:2.3:a:billion_electric:m100:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "1.04.1.592.*", "status": "affected", "lessThan": "1.04.1.592.8", "versionType": "custom"}, {"version": "1.04.1.613.*", "status": "affected", "lessThan": "1.04.1.613.13", "versionType": "custom"}, {"version": "1.04.1.*", "status": "affected", "lessThan": "1.04.1.675", "versionType": "custom"}]}, {"vendor": "billion_electric", "product": "m150", "cpes": ["cpe:2.3:a:billion_electric:m150:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "1.04.1.592.*", "status": "affected", "lessThan": "1.04.1.592.8", "versionType": "custom"}, {"version": "1.04.1.613.*", "status": "affected", "lessThan": "1.04.1.613.13", "versionType": "custom"}, {"version": "1.04.1.* <", "status": "affected", "lessThan": "1.04.1.675", "versionType": "custom"}]}, {"vendor": "billion_electric", "product": "m120n", "cpes": ["cpe:2.3:a:billion_electric:m120n:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "1.04.1.592.*", "status": "affected", "lessThan": "1.04.1.592.8", "versionType": "custom"}, {"version": "1.04.1.613.*", "status": "affected", "lessThan": "1.04.1.613.13", "versionType": "custom"}, {"version": "1.04.1.* <", "status": "affected", "lessThan": "1.04.1.675", "versionType": "custom"}]}, {"vendor": "billion_electric", "product": "m500", "cpes": ["cpe:2.3:a:billion_electric:m500:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "1.04.1.592.*", "status": "affected", "lessThan": "1.04.1.592.8", "versionType": "custom"}, {"version": "1.04.1.613.*", "status": "affected", "lessThan": "1.04.1.613.13", "versionType": "custom"}, {"version": "1.04.1.* <", "status": "affected", "lessThan": "1.04.1.675", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-11-29T13:57:51.182205Z", "id": "CVE-2024-11983", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-29T14:10:39.561Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-11983", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-11-29T13:57:51.182205Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:billion_electric:m100:*:*:*:*:*:*:*:*"], "vendor": "billion_electric", "product": "m100", "versions": [{"status": "affected", "version": "1.04.1.592.*", "lessThan": "1.04.1.592.8", "versionType": "custom"}, {"status": "affected", "version": "1.04.1.613.*", "lessThan": "1.04.1.613.13", "versionType": "custom"}, {"status": "affected", "version": "1.04.1.*", "lessThan": "1.04.1.675", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:billion_electric:m150:*:*:*:*:*:*:*:*"], "vendor": "billion_electric", "product": "m150", "versions": [{"status": "affected", "version": "1.04.1.592.*", "lessThan": "1.04.1.592.8", "versionType": "custom"}, {"status": "affected", "version": "1.04.1.613.*", "lessThan": "1.04.1.613.13", "versionType": "custom"}, {"status": "affected", "version": "1.04.1.* <", "lessThan": "1.04.1.675", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:billion_electric:m120n:*:*:*:*:*:*:*:*"], "vendor": "billion_electric", "product": "m120n", "versions": [{"status": "affected", "version": "1.04.1.592.*", "lessThan": "1.04.1.592.8", "versionType": "custom"}, {"status": "affected", "version": "1.04.1.613.*", "lessThan": "1.04.1.613.13", "versionType": "custom"}, {"status": "affected", "version": "1.04.1.* <", "lessThan": "1.04.1.675", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:billion_electric:m500:*:*:*:*:*:*:*:*"], "vendor": "billion_electric", "product": "m500", "versions": [{"status": "affected", "version": "1.04.1.592.*", "lessThan": "1.04.1.592.8", "versionType": "custom"}, {"status": "affected", "version": "1.04.1.613.*", "lessThan": "1.04.1.613.13", "versionType": "custom"}, {"status": "affected", "version": "1.04.1.* <", "lessThan": "1.04.1.675", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-29T14:09:28.088Z"}}], "cna": {"title": "Billion Electric router - OS Command Injection", "source": {"advisory": "TVN-202411028", "discovery": "EXTERNAL"}, "impacts": [{"capecId": "CAPEC-88", "descriptions": [{"lang": "en", "value": "CAPEC-88 OS Command Injection"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Billion Electric", "product": "M100", "versions": [{"status": "affected", "version": "1.04.1.592.*", "lessThan": "1.04.1.592.8", "versionType": "custom"}, {"status": "affected", "version": "1.04.1.613.*", "lessThan": "1.04.1.613.13", "versionType": "custom"}, {"status": "affected", "version": "1.04.1.*", "lessThan": "1.04.1.675", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Billion Electric", "product": "M150", "versions": [{"status": "affected", "version": "1.04.1.592.*", "lessThan": "1.04.1.592.8", "versionType": "custom"}, {"status": "affected", "version": "1.04.1.613.*", "lessThan": "1.04.1.613.13", "versionType": "custom"}, {"status": "affected", "version": "1.04.1.*", "lessThan": "1.04.1.675", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Billion Electric", "product": "M120N", "versions": [{"status": "affected", "version": "1.04.1.592.*", "lessThan": "1.04.1.592.8", "versionType": "custom"}, {"status": "affected", "version": "1.04.1.613.*", "lessThan": "1.04.1.613.13", "versionType": "custom"}, {"status": "affected", "version": "1.04.1.*", "lessThan": "1.04.1.675", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Billion Electric", "product": "M500", "versions": [{"status": "affected", "version": "1.04.1.592.*", "lessThan": "1.04.1.592.8", "versionType": "custom"}, {"status": "affected", "version": "1.04.1.613.*", "lessThan": "1.04.1.613.13", "versionType": "custom"}, {"status": "affected", "version": "1.04.1.*", "lessThan": "1.04.1.675", "versionType": "custom"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "For firmware version 1.04.1.592.x, please update to 1.04.1.592.8 or later.\nFor firmware version 1.04.1.613.x, please update to 1.04.1.613.13 or later.\nFor all other firmware version 1.04.1.x, please update to 1.04.1.675 or later.", "supportingMedia": [{"type": "text/html", "value": "For firmware version 1.04.1.592.x, please update to 1.04.1.592.8 or later.<br>For firmware version 1.04.1.613.x, please update to 1.04.1.613.13 or later.<br>For all other firmware version 1.04.1.x, please update to 1.04.1.675 or later.<br>", "base64": false}]}], "datePublic": "2024-11-29T06:53:00.000Z", "references": [{"url": "https://www.twcert.org.tw/tw/cp-132-8279-bf67e-1.html", "tags": ["third-party-advisory"]}, {"url": "https://www.twcert.org.tw/en/cp-139-8280-ae6e1-2.html", "tags": ["third-party-advisory"]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Certain models of routers from Billion Electric has an OS Command Injection vulnerability, allowing remote attackers with administrator privileges to inject arbitrary system commands into a specific SSH function and execute them on the device.", "supportingMedia": [{"type": "text/html", "value": "Certain models of routers from Billion Electric has an OS Command Injection vulnerability, allowing remote attackers with administrator privileges to inject arbitrary system commands into a specific SSH function and execute them on the device.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-78", "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')"}]}], "providerMetadata": {"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e", "shortName": "twcert", "dateUpdated": "2024-11-29T06:57:24.047Z"}}}, "cveMetadata": {"cveId": "CVE-2024-11983", "state": "PUBLISHED", "dateUpdated": "2024-11-29T14:10:39.561Z", "dateReserved": "2024-11-29T01:52:22.084Z", "assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e", "datePublished": "2024-11-29T06:57:24.047Z", "assignerShortName": "twcert"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Certain models of routers from Billion Electric has an OS Command Injection vulnerability, allowing remote attackers with administrator privileges to inject arbitrary system commands into a specific SSH function and execute them on the device."}], "id": "CVE-2024-11983", "lastModified": "2024-11-29T08:15:04.733", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "twcert@cert.org.tw", "type": "Primary"}]}, "published": "2024-11-29T08:15:04.733", "references": [{"source": "twcert@cert.org.tw", "url": "https://www.twcert.org.tw/en/cp-139-8280-ae6e1-2.html"}, {"source": "twcert@cert.org.tw", "url": "https://www.twcert.org.tw/tw/cp-132-8279-bf67e-1.html"}], "sourceIdentifier": "twcert@cert.org.tw", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-78"}], "source": "twcert@cert.org.tw", "type": "Primary"}]}

{}