CVE-2024-40750 - Vulnerability Details - OpenCVE

Linksys Velop Pro 6E 1.0.8 MX6200_1.0.8.215731 and 7 1.0.10.215314 devices send cleartext Wi-Fi passwords over the public Internet during app-based installation.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Linksys	Mbe7000 Mbe7000 Firmware Mx6200 Mx6200 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:linksys:mx6200_firmware:1.0.8.215731:*:*:*:*:*:*:*

cpe:2.3:h:linksys:mx6200:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:linksys:mbe7000_firmware:1.0.10.215314:*:*:*:*:*:*:*

cpe:2.3:h:linksys:mbe7000:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://news.ycombinator.com/item?id=40917312
https://stackdiary.com/linksys-velop-routers-send-wi-fi-passwords-in-plaintext-to-us-servers/

History

Mon, 30 Jun 2025 15:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Linksys Linksys mbe7000 Linksys mbe7000 Firmware Linksys mx6200 Linksys mx6200 Firmware
CPEs		cpe:2.3:h:linksys:mbe7000:-:::::::* cpe:2.3:h:linksys:mx6200:-:::::::* cpe:2.3:o:linksys:mbe7000_firmware:1.0.10.215314:::::::* cpe:2.3:o:linksys:mx6200_firmware:1.0.8.215731:::::::*
Vendors & Products		Linksys Linksys mbe7000 Linksys mbe7000 Firmware Linksys mx6200 Linksys mx6200 Firmware

Fri, 22 Nov 2024 19:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-312
Metrics		cvssV3_1 `{'score': 5.3, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L'}` ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2024-07-09T00:00:00

Updated: 2024-11-22T18:57:15.426Z

Reserved: 2024-07-09T00:00:00

Link: CVE-2024-40750

Vulnrichment

Updated: 2024-08-02T04:33:11.987Z

NVD

Status : Analyzed

Published: 2024-07-09T20:15:12.357

Modified: 2025-06-30T15:15:24.097

Link: CVE-2024-40750

Redhat

No data.

{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2024-40750", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-11-22T18:57:15.426Z", "dateReserved": "2024-07-09T00:00:00", "datePublished": "2024-07-09T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-07-09T19:24:54.579362"}, "descriptions": [{"lang": "en", "value": "Linksys Velop Pro 6E 1.0.8 MX6200_1.0.8.215731 and 7 1.0.10.215314 devices send cleartext Wi-Fi passwords over the public Internet during app-based installation."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://stackdiary.com/linksys-velop-routers-send-wi-fi-passwords-in-plaintext-to-us-servers/"}, {"url": "https://news.ycombinator.com/item?id=40917312"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-312", "lang": "en", "description": "CWE-312 Cleartext Storage of Sensitive Information"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-07-22T20:15:20.846486Z", "id": "CVE-2024-40750", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-22T18:57:15.426Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:33:11.987Z"}, "title": "CVE Program Container", "references": [{"url": "https://stackdiary.com/linksys-velop-routers-send-wi-fi-passwords-in-plaintext-to-us-servers/", "tags": ["x_transferred"]}, {"url": "https://news.ycombinator.com/item?id=40917312", "tags": ["x_transferred"]}]}]}, "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://stackdiary.com/linksys-velop-routers-send-wi-fi-passwords-in-plaintext-to-us-servers/", "tags": ["x_transferred"]}, {"url": "https://news.ycombinator.com/item?id=40917312", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:33:11.987Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-40750", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-07-22T20:15:20.846486Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-312", "description": "CWE-312 Cleartext Storage of Sensitive Information"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-22T20:15:27.875Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://stackdiary.com/linksys-velop-routers-send-wi-fi-passwords-in-plaintext-to-us-servers/"}, {"url": "https://news.ycombinator.com/item?id=40917312"}], "descriptions": [{"lang": "en", "value": "Linksys Velop Pro 6E 1.0.8 MX6200_1.0.8.215731 and 7 1.0.10.215314 devices send cleartext Wi-Fi passwords over the public Internet during app-based installation."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-07-09T19:24:54.579362"}}}, "cveMetadata": {"cveId": "CVE-2024-40750", "state": "PUBLISHED", "dateUpdated": "2024-11-22T18:57:15.426Z", "dateReserved": "2024-07-09T00:00:00", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2024-07-09T00:00:00", "assignerShortName": "mitre"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linksys:mx6200_firmware:1.0.8.215731:*:*:*:*:*:*:*", "matchCriteriaId": "98BE0603-7E43-48A9-8838-1884AC4BD6F6", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:linksys:mx6200:-:*:*:*:*:*:*:*", "matchCriteriaId": "4BC95C8A-2720-467C-A911-1896C625A473", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linksys:mbe7000_firmware:1.0.10.215314:*:*:*:*:*:*:*", "matchCriteriaId": "1AC4F3D2-AF7F-47A4-B6D9-304B7EA62C44", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:linksys:mbe7000:-:*:*:*:*:*:*:*", "matchCriteriaId": "56643D1C-DB0B-40A3-9029-E3B95241BB8D", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Linksys Velop Pro 6E 1.0.8 MX6200_1.0.8.215731 and 7 1.0.10.215314 devices send cleartext Wi-Fi passwords over the public Internet during app-based installation."}, {"lang": "es", "value": "Los dispositivos Linksys Velop Pro 6E 1.0.8 MX6200_1.0.8.215731 y 7 1.0.10.215314 env\u00edan contrase\u00f1as de Wi-Fi en texto plano a trav\u00e9s de Internet p\u00fablico durante la instalaci\u00f3n basada en aplicaciones."}], "id": "CVE-2024-40750", "lastModified": "2025-06-30T15:15:24.097", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.4, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-07-09T20:15:12.357", "references": [{"source": "cve@mitre.org", "tags": ["Issue Tracking"], "url": "https://news.ycombinator.com/item?id=40917312"}, {"source": "cve@mitre.org", "tags": ["Press/Media Coverage"], "url": "https://stackdiary.com/linksys-velop-routers-send-wi-fi-passwords-in-plaintext-to-us-servers/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking"], "url": "https://news.ycombinator.com/item?id=40917312"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Press/Media Coverage"], "url": "https://stackdiary.com/linksys-velop-routers-send-wi-fi-passwords-in-plaintext-to-us-servers/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-312"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}