PT-2014-8437 · Linksys · Ea6300+9
Kyle Lovett
+1
·
Published
2014-11-01
·
Updated
2014-11-04
·
CVE-2014-8243
CVSS v2.0
3.3
Low
| Vector | AV:A/AC:L/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Linksys SMART WiFi firmware versions prior to 2.1.41 build 162351 on E4200v2 and EA4500 devices
Linksys SMART WiFi firmware versions prior to 1.1.41 build 162599 on EA6200 devices
Linksys SMART WiFi firmware versions prior to 1.1.40 build 160989 on EA6300, EA6400, EA6500, and EA6700 devices
Linksys SMART WiFi firmware versions prior to 1.1.42 build 161129 on EA6900 devices
Linksys SMART WiFi firmware on EA2700 and EA3500 devices
Description
The issue allows remote attackers to obtain the administrator's MD5 password hash via a direct request for the /.htpasswd URI.
Recommendations
For Linksys SMART WiFi firmware on EA2700 and EA3500 devices, update to a version that fixes this issue.
For Linksys SMART WiFi firmware on E4200v2 and EA4500 devices, update to version 2.1.41 build 162351 or later.
For Linksys SMART WiFi firmware on EA6200 devices, update to version 1.1.41 build 162599 or later.
For Linksys SMART WiFi firmware on EA6300, EA6400, EA6500, and EA6700 devices, update to version 1.1.40 build 160989 or later.
For Linksys SMART WiFi firmware on EA6900 devices, update to version 1.1.42 build 161129 or later.
As a temporary workaround, consider restricting access to the /.htpasswd URI until a patch is available.
Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
E4200V2
Ea2700
Ea3500
Ea4500
Ea6200
Ea6300
Ea6400
Ea6500
Ea6700
Ea6900