CVE-2025-1143

Description

Certain models of routers from Billion Electric has hard-coded embedded linux credentials, allowing attackers to log in through the SSH service using these credentials and obtain root privilege of the system.

CVSS breakdown

CVSS 3.1

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Affected products

Billion Electric / M1001.04.1.159.* – 1.04.1.592.10
Billion Electric / M1001.04.1.613.* – 1.04.1.613.14
Billion Electric / M1001.04.1.* – 1.04.1.676
Billion Electric / M120N1.04.1.592.* – 1.04.1.592.10
Billion Electric / M120N1.04.1.613.* – 1.04.1.613.14
Billion Electric / M120N1.04.1.* – 1.04.1.676
Billion Electric / M1501.04.1.592.* – 1.04.1.592.10
Billion Electric / M1501.04.1.613.* – 1.04.1.613.14
Billion Electric / M1501.04.1.* – 1.04.1.676
Billion Electric / M5001.04.1.613.* – 1.04.1.613.14
Billion Electric / M5001.04.1.* – 1.04.1.676
Billion Electric / M5001.04.1.592.* – 1.04.1.592.10

CVE-2025-1143

Description

CVSS breakdown

Affected products

References