CVE-2024-40750
low-risk
Published 2024-07-09
Linksys Velop Pro 6E 1.0.8 MX6200_1.0.8.215731 and 7 1.0.10.215314 devices send cleartext Wi-Fi passwords over the public Internet during app-based installation.
Do I need to act?
-
0.04% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
5
CVSS 5.3/10
Medium
LOCAL
/ LOW complexity
Affected Products (2)
Mx6200 Firmware
Mbe7000 Firmware
Affected Vendors
References (4)
Issue Tracking
https://news.ycombinator.com/item?id=40917312
Press/Media Coverage
https://stackdiary.com/linksys-velop-routers-send-wi-fi-passwords-in-plaintext-t...
Issue Tracking
https://news.ycombinator.com/item?id=40917312
Press/Media Coverage
https://stackdiary.com/linksys-velop-routers-send-wi-fi-passwords-in-plaintext-t...
25
/ 100
low-risk
Severity
18/34 · Moderate
Exploitability
0/34 · Minimal
Exposure
7/34 · Low