CVE-2014-8243

Exp

Linksys SMART WiFi firmware on EA2700 and EA3500 devices; before 2.1.41 build 162351 on E4200v2 and EA4500 devices; before 1.1.41 build 162599 on EA6200 devices; before 1.1.40 build 160989 on EA6300, EA6400, EA6500, and EA6700 devices; and before 1.1.42 build 161129 on EA6900 devices allows remote attackers to obtain the administrator's MD5 password hash via a direct request for the /.htpasswd URI.

Published: 2014-11-01 Last update: 2026-05-06 Assigner: [email protected] Source: [email protected]
NVD Status:ModifiedCVE State: published
View at NVD, CVE.org, EUVD

CVE-2014-8243 is rated Exploit Available (51.7/100): CVSS Low severity, with medium exploitation likelihood (EPSS 1.20%). 1 public exploit reference(s) are indexed (Exploit-DB). EPSS rose +1.00% over the last day, indicating growing attacker interest. Public exploits are available—assess exposure, apply mitigations, and prioritize patching.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Public exploit references (Exploit-DB) for CVE-2014-8243

EDB-ID Source Kind Published Link
nvd_ref exploit_tag Exploit-DB ↗

Exploit prediction scoring system (EPSS) score for CVE-2014-8243

EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).

# Date Old EPSS score New EPSS score Delta (New - Old)
1 2026-06-15 0.20% 1.20% +1.00%
2 2024-12-18 0.28% 0.20% -0.08%
3 2024-12-17 0.28%

Full EPSS history (6 records total)

Common vulnerability scoring system (CVSS) metrics for CVE-2014-8243

CVSS metrics for this CVE.

Base score Version Severity Vector Exploitability Impact Score source
3.3 2.0 LOW
AV:A/AC:L/Au:N/C:P/I:N/A:N Click to expand
Access vector (AV:A)
Requires access to an adjacent network segment.
Access complexity (AC:L)
Exploitation conditions are straightforward and predictable.
Authentication (AU:N)
No authentication is required.
Confidentiality impact (C:P)
Partial confidentiality impact.
Integrity impact (I:N)
No integrity impact.
Availability impact (A:N)
No availability impact.
 6.5 2.9 [email protected]

Weakness enumeration for CVE-2014-8243

Affected software / configurations for CVE-2014-8243

Vendor Product Version Raw CPE
linksys ea4500_firmware <= 2.0.14212.1 cpe:2.3:o:linksys:ea4500_firmware:*:*:*:*:*:*:*:*
linksys ea4500 cpe:2.3:h:linksys:ea4500:-:*:*:*:*:*:*:*
linksys ea6500_firmware <= 1.1.40 cpe:2.3:o:linksys:ea6500_firmware:*:153731:*:*:*:*:*:*
linksys ea6500 cpe:2.3:h:linksys:ea6500:-:*:*:*:*:*:*:*
linksys ea6400_firmware <= 1.1.40 cpe:2.3:o:linksys:ea6400_firmware:*:153731:*:*:*:*:*:*
linksys ea6400 cpe:2.3:h:linksys:ea6400:-:*:*:*:*:*:*:*
linksys e4200v2_firmware <= 2.0.14212.1 cpe:2.3:o:linksys:e4200v2_firmware:*:*:*:*:*:*:*:*
linksys e4200v2 cpe:2.3:h:linksys:e4200v2:-:*:*:*:*:*:*:*
linksys ea6300_firmware <= 1.1.40 cpe:2.3:o:linksys:ea6300_firmware:*:153731:*:*:*:*:*:*
linksys ea6300 cpe:2.3:h:linksys:ea6300:-:*:*:*:*:*:*:*
linksys ea6900_firmware <= 1.1.42 cpe:2.3:o:linksys:ea6900_firmware:*:158863:*:*:*:*:*:*
linksys ea6900 cpe:2.3:h:linksys:ea6900:-:*:*:*:*:*:*:*
linksys ea2700_firmware <= 2.0.14294 cpe:2.3:o:linksys:ea2700_firmware:*:*:*:*:*:*:*:*
linksys ea2700 cpe:2.3:h:linksys:ea2700:-:*:*:*:*:*:*:*
linksys ea3500_firmware <= 2.0.14294 cpe:2.3:o:linksys:ea3500_firmware:*:*:*:*:*:*:*:*
linksys ea3500 cpe:2.3:h:linksys:ea3500:-:*:*:*:*:*:*:*
linksys ea6200_firmware <= 1.1.41 cpe:2.3:o:linksys:ea6200_firmware:*:153743:*:*:*:*:*:*
linksys ea6200 cpe:2.3:h:linksys:ea6200:-:*:*:*:*:*:*:*
linksys ea6700_firmware <= 1.1.40 cpe:2.3:o:linksys:ea6700_firmware:*:153731:*:*:*:*:*:*
linksys ea6700 cpe:2.3:h:linksys:ea6700:-:*:*:*:*:*:*:*

References for CVE-2014-8243

URL Tags
http://www.kb.cert.org/vuls/id/447516 Exploit Patch Third Party Advisory US Government Resource
cvelogic Threat Intelligence