Several 4G/LTE routers sold by Billion Electric have been found to suffer from a CVSS level 10 severity flaw, which is rarely seen in the wild.Security Onlinereports that the routers have a very high potential for exploitation. However, Billion has now prepared a range of firmware updates to address these gapingsecurityholes in its networking hardware. Please get an update immediately if you think you may be affected.
Router models, including the M100, M150, M120N, and M500, are vulnerable to the headline CVE-2024-11980. This is a ‘Missing Authentication’ vulnerability that allows “unauthenticated remote attackers to directly access the specific functionality to obtain partial device information, modify the WiFi SSID, and restart the device,” according toTWCert.
That’s the full official description of CVE-2024-11980, but the ‘Missing authentication’ denomination indicates how vulnerable routers with this flaw will have been to threat actors. The attack complexity is low, and the privileges required are none—meaning access was pretty much wide open.
If/when an attacker exploits this flaw, they could obtain sensitive information from the hardware, modify the router SSID, and restart the device. That provides plenty of scope for digital chaos.
CVE-2024-11980 was the biggest but not the only bad flaw affecting these Billion branded routers. We also note that these networking devices suffered from the following:
We are happy to see Billion issue the new firmware for the affected range of 4G/LTE router solutions. This is far more user—and eWaste-friendly than offering customers a discount on purchasing a new device, a technique that recently earnedD-LinkNAS equipment some unfavorable headlines. However, we note that some of the Billion routers affected are current models, which are still at retailers.
Credit goes to Chiao-Lin Yu (Steven Meow) for finding these Billion 4G/LTE router flaws, which users should patch ASAP with fresh firmware.
Get Tom’s Hardware’s best news and in-depth reviews, straight to your inbox.
Mark Tyson is a news editor at Tom’s Hardware. He enjoys covering the full breadth of PC tech; from business and semiconductor design to products approaching the edge of reason.
