CVE-2014-8243

CWE-3103 documents3 sources

Severity

3.3LOW

EPSS

0.2%

top 63.42%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linksys E4200v2 Firmware Linksys Ea2700 Firmware Linksys Ea3500 Firmware +7 more

Timeline

PublishedNov 1

Latest updateMay 17

Description

Linksys SMART WiFi firmware on EA2700 and EA3500 devices; before 2.1.41 build 162351 on E4200v2 and EA4500 devices; before 1.1.41 build 162599 on EA6200 devices; before 1.1.40 build 160989 on EA6300, EA6400, EA6500, and EA6700 devices; and before 1.1.42 build 161129 on EA6900 devices allows remote attackers to obtain the administrator's MD5 password hash via a direct request for the /.htpasswd URI.

CVSS vector

AV:A/AC:L/C:P/I:N/A:NExploitability: 6.5 | Impact: 2.9

Affected Packages10 packages

▶NVDlinksys/ea2700_firmware2.0.14294

▶NVDlinksys/ea3500_firmware2.0.14294

▶NVDlinksys/ea4500_firmware2.0.14212.1

▶NVDlinksys/ea6200_firmware1.1.41

▶NVDlinksys/ea6300_firmware1.1.40

Patches

Patch: www.kb.cert.org ↗Patch: www.kb.cert.org ↗

🔴Vulnerability Details

GHSA

GHSA-6f82-gvjq-mgfm: Linksys SMART WiFi firmware on EA2700 and EA3500 devices; before 2↗2022-05-17

▶

CVEList

CVE-2014-8243: Linksys SMART WiFi firmware on EA2700 and EA3500 devices; before 2↗2014-11-01

▶