CVE-2014-8243

Linksys SMART WiFi Firmware - Unauthenticated Administrator Password Hash Exposure via /.htpasswd URI

Title source: llm
STIX 2.1

Description

Linksys SMART WiFi firmware on EA2700 and EA3500 devices; before 2.1.41 build 162351 on E4200v2 and EA4500 devices; before 1.1.41 build 162599 on EA6200 devices; before 1.1.40 build 160989 on EA6300, EA6400, EA6500, and EA6700 devices; and before 1.1.42 build 161129 on EA6900 devices allows remote attackers to obtain the administrator's MD5 password hash via a direct request for the /.htpasswd URI.

References (1)

Core 1
Core References
Exploit, Patch, Third Party Advisory, US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/447516

Scores

EPSS 0.0016
EPSS Percentile 36.2%

Details

CWE
CWE-310
Status published
Products (20)
linksys/e4200v2
linksys/e4200v2_firmware < 2.0.14212.1
linksys/ea2700
linksys/ea2700_firmware < 2.0.14294
linksys/ea3500
linksys/ea3500_firmware < 2.0.14294
linksys/ea4500
linksys/ea4500_firmware < 2.0.14212.1
linksys/ea6200
linksys/ea6200_firmware < 1.1.41
... and 10 more
Published Nov 01, 2014
Tracked Since Feb 18, 2026