
The Taiwan Computer Emergency Response Team / Coordination Center (TWCERT/CC) has issued a security advisory warning of a vulnerability affecting several models of Billion Electric routers. The vulnerability, identified as CVE-2025-1143 and assigned a CVSS score of 8.4, could allow attackers to gain complete control of affected devices.
The vulnerability stems from the use of hard-coded embedded Linux credentials in the affected router models. Attackers could exploit this vulnerability by logging in through the SSH service using these credentials, thereby gaining root privileges on the device.
“Certain models of routers from Billion Electric have hard-coded embedded Linux credentials, allowing attackers to log in through the SSH service using these credentials and obtain root privilege of the system,” TWCERT/CC wrote.
The following Billion Electric router models are affected:
- M100
- M150
- M120N
- M500
Billion Electric has released firmware updates to address the CVE-2025-1143 vulnerability. Users of the affected router models are strongly advised to update their devices to the latest firmware versions as soon as possible.
The following firmware updates are available:
- For firmware version 1.04.1.592.x, please update to 1.04.1.592.10 or later.
- For firmware version 1.04.1.613.x, please update to 1.04.1.613.14 or later.
- For all other firmware versions 1.04.1.x, please update to 1.04.1.676 or later.
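The update rules above can be applied to a device inventory as a numeric version check. The following is an added example, not code from TWCERT/CC or Billion Electric; the `1.04.1.BUILD[.SUB]` parsing, the treatment of a missing sub-build as 0, the status strings and the inventory entries are assumptions made for illustration.

```python
import re

# Models and fixed versions as listed in the advisory text above.
AFFECTED_MODELS = {"M100", "M150", "M120N", "M500"}
BRANCH_MIN_SUB = {592: 10, 613: 14}   # 1.04.1.592.x and 1.04.1.613.x branches
OTHER_MIN_BUILD = 676                 # all other 1.04.1.x versions

# Assumed layout: 1.04.1.BUILD with an optional .SUB component.
_VERSION = re.compile(r"^1\.04\.1\.(\d+)(?:\.(\d+))?$")


def assess(model, firmware):
    """Return 'not-listed', 'unknown', 'update-required' or 'fixed'."""
    if model.strip().upper() not in AFFECTED_MODELS:
        return "not-listed"
    match = _VERSION.match(firmware.strip())
    if not match:
        # Outside 1.04.1.x: the advisory text gives no rule, so do not guess.
        return "unknown"
    build = int(match.group(1))
    sub = int(match.group(2) or 0)    # assumption: missing sub-build counts as 0
    if build in BRANCH_MIN_SUB:
        # Compare as integers: as strings, "9" would sort after "10".
        return "fixed" if sub >= BRANCH_MIN_SUB[build] else "update-required"
    return "fixed" if build >= OTHER_MIN_BUILD else "update-required"


# Constructed inventory (hostnames and versions are sample data).
INVENTORY = [
    ("branch-rtr-01", "M100", "1.04.1.592.9"),
    ("branch-rtr-02", "M500", "1.04.1.613.14"),
    ("branch-rtr-03", "M150", "1.04.1.650"),
    ("branch-rtr-04", "M120N", "1.04.1.676"),
]


def report(inventory):
    """Map each host to its status under the advisory's update rules."""
    return {host: assess(model, fw) for host, model, fw in inventory}


if __name__ == "__main__":
    for host, status in report(INVENTORY).items():
        print(f"{host}: {status}")
```
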
In addition to updating their firmware, users are advised to take the following steps to mitigate the risk of exploitation:
- Change the default SSH password to a strong, unique password.
- Disable SSH access from the internet if it is not required.
- Enable automatic firmware updates to ensure that devices are always running the latest security patches.
- Monitor network traffic for suspicious activity.