CVE-2025-1143
📋 TL;DR
Billion Electric routers have hard-coded SSH credentials that allow attackers to gain root access. This affects specific router models running embedded Linux. Attackers can fully compromise affected devices.
💻 Affected Systems
- Billion Electric routers (specific models not fully detailed in references)
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete device takeover allowing network traffic interception, malware deployment, lateral movement to internal networks, and persistent backdoor installation.
Likely Case
Attackers gain root access to compromise the router, potentially using it as a pivot point into internal networks or for botnet participation.
If Mitigated
Limited to isolated router compromise if network segmentation prevents lateral movement and external access is blocked.
🎯 Exploit Status
Exploitation requires SSH access and knowledge of hard-coded credentials. No authentication bypass needed if SSH is exposed.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Unknown specific version - check vendor advisory
Vendor Advisory: https://www.twcert.org.tw/en/cp-139-8414-096ce-2.html
Restart Required: No
Instructions:
1. Check Billion Electric website for firmware updates.
2. Download latest firmware for your router model.
3. Apply firmware update through web interface.
4. Verify SSH credentials have been changed or removed.
🔧 Temporary Workarounds
Disable SSH Service
Platform: all. Turn off SSH access if not required for management
Change SSH Credentials
Platform: linux. Manually change hard-coded credentials if firmware update not available
passwd root
🧯 If You Can't Patch
- Isolate affected routers in separate network segments
- Implement strict firewall rules to limit SSH access to trusted IPs only
🔍 How to Verify
Check if Vulnerable:
Attempt SSH login using known hard-coded credentials (specific credentials not provided in references)
Check Version:
cat /etc/version or check web interface system info
Verify Fix Applied:
Verify SSH login fails with previously known credentials and check firmware version against patched versions
📡 Detection & Monitoring
Log Indicators:
- Failed SSH login attempts followed by successful root login
- Multiple root SSH sessions from unusual IPs
Network Indicators:
- SSH traffic to router from unexpected sources
- Unusual outbound connections from router
SIEM Query:
source="router_logs" (event="ssh" AND user="root" AND result="success")
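The log indicators above, worked through as an added example (not part of the original advisory or any vendor tooling): it flags successful root SSH logins that follow failed attempts or come from outside a management allowlist. It assumes OpenSSH-style syslog lines, since the references do not give the router's log format; the log lines and the trusted address are constructed.

```python
import re
from collections import defaultdict

# Assumption: OpenSSH-style auth lines; adjust the patterns to the router's SSH daemon.
FAILED = re.compile(r"Failed password for (?:invalid user )?(\S+) from (\S+) port \d+")
ACCEPTED = re.compile(r"Accepted (\S+) for (\S+) from (\S+) port \d+")

# Constructed allowlist of management hosts (documentation address range).
TRUSTED = {"192.0.2.10"}

# Constructed sample log lines, not taken from a real device.
SAMPLE_LOG = """\
Jan 12 03:14:01 router sshd[811]: Failed password for admin from 203.0.113.7 port 40112 ssh2
Jan 12 03:14:05 router sshd[811]: Failed password for root from 203.0.113.7 port 40114 ssh2
Jan 12 03:14:09 router sshd[812]: Accepted password for root from 203.0.113.7 port 40120 ssh2
Jan 12 08:30:44 router sshd[901]: Accepted password for root from 192.0.2.10 port 51522 ssh2
Jan 12 09:02:13 router sshd[950]: Accepted password for root from 198.51.100.23 port 33870 ssh2
"""

def find_suspicious_root_logins(log_text, trusted=TRUSTED):
    """Return alerts for successful root SSH logins that need triage."""
    failures = defaultdict(int)  # source IP -> failed attempts seen so far
    alerts = []
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if m:
            failures[m.group(2)] += 1
            continue
        m = ACCEPTED.search(line)
        if not m or m.group(2) != "root":
            continue
        src = m.group(3)
        reasons = []
        if failures[src]:
            reasons.append(f"{failures[src]} failed attempts before success")
        if src not in trusted:
            reasons.append("source not in trusted management list")
        if reasons:
            alerts.append({"src": src, "reasons": reasons})
        failures[src] = 0  # judge later logins only on new failures
    return alerts

if __name__ == "__main__":
    for alert in find_suspicious_root_logins(SAMPLE_LOG):
        print(alert["src"], "->", "; ".join(alert["reasons"]))
```

A login with a hard-coded credential succeeds on the first attempt, so the allowlist check is what catches it; the failed-then-success rule alone would miss the last sample line.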