CVE-2014-8243

Linksys SMART WiFi firmware on EA2700 and EA3500 devices; before 2.1.41 build 162351 on E4200v2 and EA4500 devices; before 1.1.41 build 162599 on EA6200 devices; before 1.1.40 build 160989 on EA6300, EA6400, EA6500, and EA6700 devices; and before 1.1.42 build 161129 on EA6900 devices allows remote attackers to obtain the administrator's MD5 password hash via a direct request for the /.htpasswd URI.
References
Link Resource
http://www.kb.cert.org/vuls/id/447516 Exploit Patch Third Party Advisory US Government Resource
http://www.kb.cert.org/vuls/id/447516 Exploit Patch Third Party Advisory US Government Resource
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:linksys:ea4500_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:linksys:ea4500:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:linksys:ea6500_firmware:*:153731:*:*:*:*:*:*
cpe:2.3:h:linksys:ea6500:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:linksys:ea6400_firmware:*:153731:*:*:*:*:*:*
cpe:2.3:h:linksys:ea6400:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:linksys:e4200v2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:linksys:e4200v2:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:linksys:ea6300_firmware:*:153731:*:*:*:*:*:*
cpe:2.3:h:linksys:ea6300:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:linksys:ea6900_firmware:*:158863:*:*:*:*:*:*
cpe:2.3:h:linksys:ea6900:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:linksys:ea2700_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:linksys:ea2700:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:linksys:ea3500_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:linksys:ea3500:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:linksys:ea6200_firmware:*:153743:*:*:*:*:*:*
cpe:2.3:h:linksys:ea6200:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
cpe:2.3:o:linksys:ea6700_firmware:*:153731:*:*:*:*:*:*
cpe:2.3:h:linksys:ea6700:-:*:*:*:*:*:*:*

History

21 Nov 2024, 02:18

Type Values Removed Values Added
References () http://www.kb.cert.org/vuls/id/447516 - Exploit, Patch, Third Party Advisory, US Government Resource () http://www.kb.cert.org/vuls/id/447516 - Exploit, Patch, Third Party Advisory, US Government Resource

Information

Published : 2014-11-01 10:55

Updated : 2024-11-21 02:18


NVD link : CVE-2014-8243

Mitre link : CVE-2014-8243

CVE.ORG link : CVE-2014-8243


JSON object : View

Products Affected

linksys

  • ea6400_firmware
  • e4200v2_firmware
  • ea4500_firmware
  • ea6300_firmware
  • ea6200_firmware
  • ea6500_firmware
  • ea6900_firmware
  • ea4500
  • e4200v2
  • ea6700
  • ea6900
  • ea6400
  • ea6500
  • ea6700_firmware
  • ea2700
  • ea3500
  • ea3500_firmware
  • ea6200
  • ea2700_firmware
  • ea6300
CWE
CWE-310

Cryptographic Issues