Linksys Ea6500 Firmware vulnerabilities

5 known vulnerabilities affecting linksys/ea6500_firmware.

Total CVEs

5

CISA KEV

0

Public exploits

0

Exploited in wild

0

Severity breakdown

HIGH2MEDIUM1LOW2

Vulnerabilities

Page 1 of 1

CVE-2014-8244HIGHCVSS 7.5≤ 1.1.402014-11-01

CVE-2014-8244 [HIGH] CWE-200 CVE-2014-8244: Linksys SMART WiFi firmware on EA2700 and EA3500 devices; before 2.1.41 build 162351 on E4200v2 and Linksys SMART WiFi firmware on EA2700 and EA3500 devices; before 2.1.41 build 162351 on E4200v2 and EA4500 devices; before 1.1.41 build 162599 on EA6200 devices; before 1.1.40 build 160989 on EA6300, EA6400, EA6500, and EA6700 devices; and before 1.1.42 build 161129 on EA6900 devices allows remote attackers to obtain sensitive information or modify data

CVE-2014-8243LOWCVSS 3.3≤ 1.1.402014-11-01

CVE-2014-8243 [LOW] CWE-310 CVE-2014-8243: Linksys SMART WiFi firmware on EA2700 and EA3500 devices; before 2.1.41 build 162351 on E4200v2 and Linksys SMART WiFi firmware on EA2700 and EA3500 devices; before 2.1.41 build 162351 on E4200v2 and EA4500 devices; before 1.1.41 build 162599 on EA6200 devices; before 1.1.40 build 160989 on EA6300, EA6400, EA6500, and EA6700 devices; and before 1.1.42 build 161129 on EA6900 devices allows remote attackers to obtain the administrator's MD5 password hash

CVE-2013-3066HIGHCVSS 7.1v1.1.28.1478762014-09-29

CVE-2013-3066 [HIGH] CWE-264 CVE-2013-3066: Linksys EA6500 with firmware 1.1.28.147876 does not properly restrict access, which allows remote at Linksys EA6500 with firmware 1.1.28.147876 does not properly restrict access, which allows remote attackers to obtain sensitive information (clients and router configuration) via a request to /JNAP/.

CVE-2013-3064MEDIUMCVSS 6.8v1.1.28.1478762014-09-29

CVE-2013-3064 [MEDIUM] CVE-2013-3064: Open redirect vulnerability in ui/dynamic/unsecured.html in Linksys EA6500 with firmware 1.1.28.1478 Open redirect vulnerability in ui/dynamic/unsecured.html in Linksys EA6500 with firmware 1.1.28.147876 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the target parameter.

CVE-2013-3065LOWCVSS 3.5v1.1.28.1478762014-09-29

CVE-2013-3065 [LOW] CWE-79 CVE-2013-3065: Cross-site scripting (XSS) vulnerability in the Parental Controls section in Linksys EA6500 with fir Cross-site scripting (XSS) vulnerability in the Parental Controls section in Linksys EA6500 with firmware 1.1.28.147876 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to the Blocked Specific Sites section.