PT-2014-8438 · Linksys · Ea6300+9
Kyle Lovett
+1
·
Published
2014-11-01
·
Updated
2014-11-04
·
CVE-2014-8244
CVSS v2.0
7.5
High
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
Linksys SMART WiFi firmware versions prior to 2.1.41 build 162351 on E4200v2 and EA4500 devices
Linksys SMART WiFi firmware versions prior to 1.1.41 build 162599 on EA6200 devices
Linksys SMART WiFi firmware versions prior to 1.1.40 build 160989 on EA6300, EA6400, EA6500, and EA6700 devices
Linksys SMART WiFi firmware versions prior to 1.1.42 build 161129 on EA6900 devices
Linksys SMART WiFi firmware on EA2700 and EA3500 devices
Description
The issue allows remote attackers to obtain sensitive information or modify data via a JNAP action in a JNAP/HTTP request.
Recommendations
For versions prior to 2.1.41 build 162351 on E4200v2 and EA4500 devices, update to version 2.1.41 build 162351 or later.
For versions prior to 1.1.41 build 162599 on EA6200 devices, update to version 1.1.41 build 162599 or later.
For versions prior to 1.1.40 build 160989 on EA6300, EA6400, EA6500, and EA6700 devices, update to version 1.1.40 build 160989 or later.
For versions prior to 1.1.42 build 161129 on EA6900 devices, update to version 1.1.42 build 161129 or later.
For EA2700 and EA3500 devices, update the Linksys SMART WiFi firmware to the latest version.
Exploit
Fix
Information Disclosure
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
E4200V2
Ea2700
Ea3500
Ea4500
Ea6200
Ea6300
Ea6400
Ea6500
Ea6700
Ea6900