Remote Code Execution in Linksys SMART WiFi Firmware on Multiple Devices
CVE-2014-8243

Currently unrated

Key Information:

Vendor: Linksys
Status: Ea4500 Firmware; Ea4500
Vendor: CVE Published:; 1 November 2014

Summary

The Linksys SMART WiFi firmware on various EA series devices contains a vulnerability that allows remote attackers to retrieve the administrator's MD5 password hash through a direct HTTP request to the /.htpasswd URI. This weakness could potentially lead to unauthorized access and control over the affected network devices, compromising the security and integrity of user data.

References

http://www.kb.cert.org/vuls/id/447516

third-party-advisoryx_refsource_CERT-VN

Timeline

Vulnerability published
Nov 1, 2014
Vulnerability Reserved
Oct 12, 2014