Vulnerability Details : CVE-2014-8244
Potential exploit
Linksys SMART WiFi firmware on EA2700 and EA3500 devices; before 2.1.41 build 162351 on E4200v2 and EA4500 devices; before 1.1.41 build 162599 on EA6200 devices; before 1.1.40 build 160989 on EA6300, EA6400, EA6500, and EA6700 devices; and before 1.1.42 build 161129 on EA6900 devices allows remote attackers to obtain sensitive information or modify data via a JNAP action in a JNAP/ HTTP request.
Vulnerability category: Information leak
Products affected by CVE-2014-8244
- cpe:2.3:o:linksys:ea6500_firmware:*:153731:*:*:*:*:*:*
- cpe:2.3:h:linksys:ea6500:-:*:*:*:*:*:*:*
- cpe:2.3:o:linksys:ea4500_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:h:linksys:ea4500:-:*:*:*:*:*:*:*
- cpe:2.3:o:linksys:ea6400_firmware:*:153731:*:*:*:*:*:*
- cpe:2.3:h:linksys:ea6400:-:*:*:*:*:*:*:*
- cpe:2.3:o:linksys:e4200v2_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:h:linksys:e4200v2:-:*:*:*:*:*:*:*
- cpe:2.3:o:linksys:ea6300_firmware:*:153731:*:*:*:*:*:*
- cpe:2.3:h:linksys:ea6300:-:*:*:*:*:*:*:*
- cpe:2.3:o:linksys:ea6900_firmware:*:158863:*:*:*:*:*:*
- cpe:2.3:h:linksys:ea6900:-:*:*:*:*:*:*:*
- cpe:2.3:o:linksys:ea2700_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:h:linksys:ea2700:-:*:*:*:*:*:*:*
- cpe:2.3:o:linksys:ea3500_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:h:linksys:ea3500:-:*:*:*:*:*:*:*
- cpe:2.3:o:linksys:ea6200_firmware:*:153743:*:*:*:*:*:*
- cpe:2.3:h:linksys:ea6200:-:*:*:*:*:*:*:*
- cpe:2.3:o:linksys:ea6700_firmware:*:153731:*:*:*:*:*:*
- cpe:2.3:h:linksys:ea6700:-:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2014-8244
1.21%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 85 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2014-8244
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST |
CWE ids for CVE-2014-8244
-
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-8244
-
http://www.kb.cert.org/vuls/id/447516
VU#447516 - Linksys SMART WiFi firmware contains multiple vulnerabilitiesExploit;Patch;Third Party Advisory;US Government Resource
Jump to