billion CVE Vulnerabilities & Metrics

Focus on billion vulnerabilities and metrics.

Last updated: 08 Mar 2025, 23:25 UTC

About billion Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with billion. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.

For a broader perspective on cybersecurity threats, explore the comprehensive list of CVEs by vendor and product. Stay updated on critical vulnerabilities affecting major software and hardware providers.

Global CVE Overview

Total billion CVEs: 10
Earliest CVE date: 02 May 2019, 17:29 UTC
Latest CVE date: 09 Jan 2020, 17:15 UTC

Latest CVE reference: CVE-2019-14920

Rolling Stats

30-day Count (Rolling): 0
365-day Count (Rolling): 0

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): 0%
Year Variation (Calendar): 0%

Month Growth Rate (30-day Rolling): 0.0%
Year Growth Rate (365-day Rolling): 0.0%

Monthly CVE Trends (current vs previous Year)

Annual CVE Trends (Last 20 Years)

Critical billion CVEs (CVSS ≥ 9) Over 20 Years

CVSS Stats

Average CVSS: 8.32

Max CVSS: 10.0

Critical CVEs (≥9): 7

CVSS Range vs. Count

Range	Count
0.0-3.9	1
4.0-6.9	0
7.0-8.9	2
9.0-10.0	7

CVSS Distribution Chart

Top 5 Highest CVSS billion CVEs

These are the five CVEs with the highest CVSS scores for billion, sorted by severity first and recency.

CVE-2017-18369 billion Published on 02 May 2019, 17:29 UTC (CVSS: 10.0)
The Billion 5200W-T 1.02b.rc5.dt49 router distributed by TrueOnline has a command injection vulnerability in the Remote System Log forwarding function, which is accessible by an unauthenticated user. The vulnerability is in the adv_remotelog.asp page and can be exploited through the syslogServerAddr parameter.
CVE-2017-18368 billion Published on 02 May 2019, 17:29 UTC (CVSS: 10.0)
The ZyXEL P660HN-T1A v1 TCLinux Fw $7.3.15.0 v001 / 3.40(ULM.0)b31 router distributed by TrueOnline has a command injection vulnerability in the Remote System Log forwarding function, which is accessible by an unauthenticated user. The vulnerability is in the ViewLog.asp page and can be exploited through the remote_host parameter.
CVE-2019-14920 billion Published on 09 Jan 2020, 17:15 UTC (CVSS: 9.0)
Billion Smart Energy Router SG600R2 Firmware v3.02.rc6 allows an authenticated attacker to gain root execution privileges over the device via a hidden etc_ro/web/adm/system_command.asp shell feature.
CVE-2017-18374 billion Published on 02 May 2019, 17:29 UTC (CVSS: 9.0)
The ZyXEL P660HN-T1A v1 TCLinux Fw $7.3.15.0 v001 / 3.40(ULM.0)b31 router distributed by TrueOnline has two user accounts with default passwords, including a hardcoded service account with the username true and password true. These accounts can be used to login to the web interface, exploit authenticated command injections and change router settings for malicious purposes.
CVE-2017-18373 billion Published on 02 May 2019, 17:29 UTC (CVSS: 9.0)
The Billion 5200W-T TCLinux Fw $7.3.8.0 v008 130603 router distributed by TrueOnline has three user accounts with default passwords, including two hardcoded service accounts: one with the username true and password true, and another with the username user3 and and a long password consisting of a repetition of the string 0123456789. These accounts can be used to login to the web interface, explo...

All CVEs for billion

CVE-2019-14920 billion vulnerability CVSS: 9.0 09 Jan 2020, 17:15 UTC

Billion Smart Energy Router SG600R2 Firmware v3.02.rc6 allows an authenticated attacker to gain root execution privileges over the device via a hidden etc_ro/web/adm/system_command.asp shell feature.

CVE-2019-14919 billion vulnerability CVSS: 7.2 09 Jan 2020, 17:15 UTC

An exposed Telnet Service on the Billion Smart Energy Router SG600R2 with firmware v3.02.rc6 allows a local network attacker to authenticate via hardcoded credentials into a shell, gaining root execution privileges over the device.

CVE-2019-14918 billion vulnerability CVSS: 3.5 09 Jan 2020, 17:15 UTC

XSS in the DHCP lease-status table in Billion Smart Energy Router SG600R2 Firmware v3.02.rc6 allows an attacker to inject arbitrary HTML/JavaScript code to achieve client-side code execution via crafted DHCP request packets to etc_ro/web/internet/dhcpcliinfo.asp.

CVE-2017-18374 billion vulnerability CVSS: 9.0 02 May 2019, 17:29 UTC

The ZyXEL P660HN-T1A v1 TCLinux Fw $7.3.15.0 v001 / 3.40(ULM.0)b31 router distributed by TrueOnline has two user accounts with default passwords, including a hardcoded service account with the username true and password true. These accounts can be used to login to the web interface, exploit authenticated command injections and change router settings for malicious purposes.

CVE-2017-18373 billion vulnerability CVSS: 9.0 02 May 2019, 17:29 UTC

The Billion 5200W-T TCLinux Fw $7.3.8.0 v008 130603 router distributed by TrueOnline has three user accounts with default passwords, including two hardcoded service accounts: one with the username true and password true, and another with the username user3 and and a long password consisting of a repetition of the string 0123456789. These accounts can be used to login to the web interface, exploit authenticated command injections, and change router settings for malicious purposes.

CVE-2017-18372 billion vulnerability CVSS: 9.0 02 May 2019, 17:29 UTC

The Billion 5200W-T TCLinux Fw $7.3.8.0 v008 130603 router distributed by TrueOnline has a command injection vulnerability in the Time Setting function, which is only accessible by an authenticated user. The vulnerability is in the tools_time.asp page and can be exploited through the uiViewSNTPServer parameter. Authentication can be achieved by exploiting CVE-2017-18373.

CVE-2017-18371 billion vulnerability CVSS: 7.5 02 May 2019, 17:29 UTC

The ZyXEL P660HN-T1A v2 TCLinux Fw #7.3.37.6 router distributed by TrueOnline has three user accounts with default passwords, including two hardcoded service accounts: one with the username true and password true, and another with the username supervisor and password zyad1234. These accounts can be used to login to the web interface, exploit authenticated command injections, and change router settings for malicious purposes.

CVE-2017-18370 billion vulnerability CVSS: 9.0 02 May 2019, 17:29 UTC

The ZyXEL P660HN-T1A v2 TCLinux Fw #7.3.37.6 router distributed by TrueOnline has a command injection vulnerability in the Remote System Log forwarding function, which is only accessible by an authenticated user. The vulnerability is in the logSet.asp page and can be exploited through the ServerIP parameter. Authentication can be achieved by exploiting CVE-2017-18371.

CVE-2017-18369 billion vulnerability CVSS: 10.0 02 May 2019, 17:29 UTC

The Billion 5200W-T 1.02b.rc5.dt49 router distributed by TrueOnline has a command injection vulnerability in the Remote System Log forwarding function, which is accessible by an unauthenticated user. The vulnerability is in the adv_remotelog.asp page and can be exploited through the syslogServerAddr parameter.

CVE-2017-18368 billion vulnerability CVSS: 10.0 02 May 2019, 17:29 UTC

The ZyXEL P660HN-T1A v1 TCLinux Fw $7.3.15.0 v001 / 3.40(ULM.0)b31 router distributed by TrueOnline has a command injection vulnerability in the Remote System Log forwarding function, which is accessible by an unauthenticated user. The vulnerability is in the ViewLog.asp page and can be exploited through the remote_host parameter.