CVE-2014-8243

Severity CVSS v4.0:
Pending analysis
Type:
CWE-310 Cryptographic Issues
Publication date:
01/11/2014
Last modified:
12/04/2025

Description

Linksys SMART WiFi firmware on EA2700 and EA3500 devices; before 2.1.41 build 162351 on E4200v2 and EA4500 devices; before 1.1.41 build 162599 on EA6200 devices; before 1.1.40 build 160989 on EA6300, EA6400, EA6500, and EA6700 devices; and before 1.1.42 build 161129 on EA6900 devices allows remote attackers to obtain the administrator's MD5 password hash via a direct request for the /.htpasswd URI.

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:linksys:ea4500_firmware:*:*:*:*:*:*:*:* 2.0.14212.1 (including)
cpe:2.3:h:linksys:ea4500:-:*:*:*:*:*:*:*
cpe:2.3:o:linksys:ea6500_firmware:*:153731:*:*:*:*:*:* 1.1.40 (including)
cpe:2.3:h:linksys:ea6500:-:*:*:*:*:*:*:*
cpe:2.3:o:linksys:ea6400_firmware:*:153731:*:*:*:*:*:* 1.1.40 (including)
cpe:2.3:h:linksys:ea6400:-:*:*:*:*:*:*:*
cpe:2.3:o:linksys:e4200v2_firmware:*:*:*:*:*:*:*:* 2.0.14212.1 (including)
cpe:2.3:h:linksys:e4200v2:-:*:*:*:*:*:*:*
cpe:2.3:o:linksys:ea6300_firmware:*:153731:*:*:*:*:*:* 1.1.40 (including)
cpe:2.3:h:linksys:ea6300:-:*:*:*:*:*:*:*
cpe:2.3:o:linksys:ea6900_firmware:*:158863:*:*:*:*:*:* 1.1.42 (including)
cpe:2.3:h:linksys:ea6900:-:*:*:*:*:*:*:*
cpe:2.3:o:linksys:ea2700_firmware:*:*:*:*:*:*:*:* 2.0.14294 (including)
cpe:2.3:h:linksys:ea2700:-:*:*:*:*:*:*:*
cpe:2.3:o:linksys:ea3500_firmware:*:*:*:*:*:*:*:* 2.0.14294 (including)