PT-2024-29027 · Linksys · Linksys Velop Pro 6E
Published
2024-07-09
·
Updated
2024-11-22
·
CVE-2024-40750
CVSS v3.1
5.3
Medium
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L |
Name of the Vulnerable Software and Affected Versions
Linksys Velop Pro 6E version 1.0.8
Linksys Velop Pro 6E version 1.0.10.215314
Description
The issue concerns Linksys Velop Pro 6E devices sending cleartext Wi-Fi passwords over the public Internet during app-based installation.
Recommendations
For version 1.0.8, consider disabling app-based installation until a patch is available.
For version 1.0.10.215314, avoid using the app-based installation feature to prevent cleartext Wi-Fi password transmission.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Cleartext Storage of Sensitive Information
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Linksys Velop Pro 6E