CVE-2014-8243 : Linksys SMART WiFi firmware on EA2700 and EA3500 devices; before 2.1.41 build 16

Linksys SMART WiFi firmware on EA2700 and EA3500 devices; before 2.1.41 build 162351 on E4200v2 and EA4500 devices; before 1.1.41 build 162599 on EA6200 devices; before 1.1.40 build 160989 on EA6300, EA6400, EA6500, and EA6700 devices; and before 1.1.42 build 161129 on EA6900 devices allows remote attackers to obtain the administrator's MD5 password hash via a direct request for the /.htpasswd URI.

Published 2014-11-01 10:55:03

Updated 2025-04-12 10:46:41

Source CERT/CC

View at NVD, CVE.org

Products affected by CVE-2014-8243

Linksys » Ea6500 Firmware » Update 153731
Versions up to, including, (<=) 1.1.40
cpe:2.3:o:linksys:ea6500_firmware:*:153731:*:*:*:*:*:*
Matching versions
Linksys » Ea6500 » Version: N/A
cpe:2.3:h:linksys:ea6500:-:*:*:*:*:*:*:*
Matching versions
Linksys » Ea4500 Firmware
Versions up to, including, (<=) 2.0.14212.1
cpe:2.3:o:linksys:ea4500_firmware:*:*:*:*:*:*:*:*
Matching versions
Linksys » Ea4500 » Version: N/A
cpe:2.3:h:linksys:ea4500:-:*:*:*:*:*:*:*
Matching versions
Linksys » Ea6400 Firmware » Update 153731
Versions up to, including, (<=) 1.1.40
cpe:2.3:o:linksys:ea6400_firmware:*:153731:*:*:*:*:*:*
Matching versions
Linksys » Ea6400 » Version: N/A
cpe:2.3:h:linksys:ea6400:-:*:*:*:*:*:*:*
Matching versions
Linksys » E4200v2 Firmware
Versions up to, including, (<=) 2.0.14212.1
cpe:2.3:o:linksys:e4200v2_firmware:*:*:*:*:*:*:*:*
Matching versions
Linksys » E4200v2 » Version: N/A
cpe:2.3:h:linksys:e4200v2:-:*:*:*:*:*:*:*
Matching versions
Linksys » Ea6300 Firmware » Update 153731
Versions up to, including, (<=) 1.1.40
cpe:2.3:o:linksys:ea6300_firmware:*:153731:*:*:*:*:*:*
Matching versions
Linksys » Ea6300 » Version: N/A
cpe:2.3:h:linksys:ea6300:-:*:*:*:*:*:*:*
Matching versions
Linksys » Ea6900 Firmware » Update 158863
Versions up to, including, (<=) 1.1.42
cpe:2.3:o:linksys:ea6900_firmware:*:158863:*:*:*:*:*:*
Matching versions
Linksys » Ea6900 » Version: N/A
cpe:2.3:h:linksys:ea6900:-:*:*:*:*:*:*:*
Matching versions
Linksys » Ea2700 Firmware
Versions up to, including, (<=) 2.0.14294
cpe:2.3:o:linksys:ea2700_firmware:*:*:*:*:*:*:*:*
Matching versions
Linksys » Ea2700 » Version: N/A
cpe:2.3:h:linksys:ea2700:-:*:*:*:*:*:*:*
Matching versions
Linksys » Ea3500 Firmware
Versions up to, including, (<=) 2.0.14294
cpe:2.3:o:linksys:ea3500_firmware:*:*:*:*:*:*:*:*
Matching versions
Linksys » Ea3500 » Version: N/A
cpe:2.3:h:linksys:ea3500:-:*:*:*:*:*:*:*
Matching versions
Linksys » Ea6200 Firmware » Update 153743
Versions up to, including, (<=) 1.1.41
cpe:2.3:o:linksys:ea6200_firmware:*:153743:*:*:*:*:*:*
Matching versions
Linksys » Ea6200 » Version: N/A
cpe:2.3:h:linksys:ea6200:-:*:*:*:*:*:*:*
Matching versions
Linksys » Ea6700 Firmware » Update 153731
Versions up to, including, (<=) 1.1.40
cpe:2.3:o:linksys:ea6700_firmware:*:153731:*:*:*:*:*:*
Matching versions
Linksys » Ea6700 » Version: N/A
cpe:2.3:h:linksys:ea6700:-:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2014-8243

EPSS FAQ

0.16%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 33 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2014-8243

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
3.3	LOW	AV:A/AC:L/Au:N/C:P/I:N/A:N	6.5	2.9	NIST
Access Vector: Adjacent Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None

CWE ids for CVE-2014-8243

CWE-310

Assigned by: nvd@nist.gov (Primary)

References for CVE-2014-8243

http://www.kb.cert.org/vuls/id/447516

VU#447516 - Linksys SMART WiFi firmware contains multiple vulnerabilities
Exploit;Patch;Third Party Advisory;US Government Resource

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2014-8243

Products affected by CVE-2014-8243

Exploit prediction scoring system (EPSS) score for CVE-2014-8243

CVSS scores for CVE-2014-8243

CWE ids for CVE-2014-8243

References for CVE-2014-8243