CVE-2014-8244

EXPLOITED

Linksys SMART WiFi Firmware - Exposure of Sensitive Information via JNAP HTTP Request

Title source: llm

Exploitation Summary

CVE-2014-8244 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 1 public exploit from researchers including JollyJumbuckk.

AI-analyzed exploit summary This repository contains a Python3 script to scan for Linksys smart Wi-Fi devices vulnerable to CVE-2014-8244, which leaks sensitive information. It checks for default admin credentials and device presence via JNAP API endpoints.

Description

Linksys SMART WiFi firmware on EA2700 and EA3500 devices; before 2.1.41 build 162351 on E4200v2 and EA4500 devices; before 1.1.41 build 162599 on EA6200 devices; before 1.1.40 build 160989 on EA6300, EA6400, EA6500, and EA6700 devices; and before 1.1.42 build 161129 on EA6900 devices allows remote attackers to obtain sensitive information or modify data via a JNAP action in a JNAP/ HTTP request.

Exploits (1)

nomisec SCANNER 6 stars

by JollyJumbuckk · poc

https://github.com/JollyJumbuckk/LinksysLeaks

View Code ZIP pw:eip

This repository contains a Python3 script to scan for Linksys smart Wi-Fi devices vulnerable to CVE-2014-8244, which leaks sensitive information. It checks for default admin credentials and device presence via JNAP API endpoints.

Classification

Scanner 90%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Linksys Smart Wi-Fi devices (JNAP API)

No auth needed

Prerequisites: Network access to target devices · JNAP API exposed on port 80/443

MITRE ATT&CK

T1592 - Gather Victim Host Information T1087 - Account Discovery

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Core References

Exploit, Patch, Third Party Advisory, US Government Resource third-party-advisory x_refsource_cert-vn

http://www.kb.cert.org/vuls/id/447516

Scores

EPSS 0.0398

EPSS Percentile 89.1%

Details

VulnCheck KEV 2021-04-12

CWE

CWE-200

Status published

Products (20)

linksys/e4200v2

linksys/e4200v2_firmware < 2.0.14212.1

linksys/ea2700

linksys/ea2700_firmware < 2.0.14294

linksys/ea3500

linksys/ea3500_firmware < 2.0.14294

linksys/ea4500

linksys/ea4500_firmware < 2.0.14212.1

linksys/ea6200

linksys/ea6200_firmware < 1.1.41

... and 10 more

Published Nov 01, 2014

Tracked Since Feb 18, 2026