CVE-2024-40750

MEDIUM

Linksys Velop Pro 6E - Info Disclosure

Title source: llm

Description

Linksys Velop Pro 6E 1.0.8 MX6200_1.0.8.215731 and 7 1.0.10.215314 devices send cleartext Wi-Fi passwords over the public Internet during app-based installation.

References (2)

[Issue Tracking] https://news.ycombinator.com/item?id=40917312

[Press/Media Coverage] https://stackdiary.com/linksys-velop-routers-send-wi-fi-passwords-in-plaintext-to-us-servers/

Scores

CVSS v3 5.3

EPSS 0.0004

EPSS Percentile 11.5%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-312

Status published

Products (2)

linksys/mbe7000_firmware 1.0.10.215314

linksys/mx6200_firmware 1.0.8.215731

Published Jul 09, 2024

Tracked Since Feb 18, 2026