CVE-2024-40750

Linksys Velop Pro 6E 1.0.8 MX6200_1.0.8.215731 and 7 1.0.10.215314 devices send cleartext Wi-Fi passwords over the public Internet during app-based installation.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:linksys:mx6200_firmware:1.0.8.215731:*:*:*:*:*:*:*
cpe:2.3:h:linksys:mx6200:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:linksys:mbe7000_firmware:1.0.10.215314:*:*:*:*:*:*:*
cpe:2.3:h:linksys:mbe7000:-:*:*:*:*:*:*:*

History

30 Jun 2025, 15:15

Type Values Removed Values Added
First Time Linksys mx6200
Linksys mbe7000
Linksys mx6200 Firmware
Linksys
Linksys mbe7000 Firmware
References () https://news.ycombinator.com/item?id=40917312 - () https://news.ycombinator.com/item?id=40917312 - Issue Tracking
References () https://stackdiary.com/linksys-velop-routers-send-wi-fi-passwords-in-plaintext-to-us-servers/ - () https://stackdiary.com/linksys-velop-routers-send-wi-fi-passwords-in-plaintext-to-us-servers/ - Press/Media Coverage
CPE cpe:2.3:h:linksys:mx6200:-:*:*:*:*:*:*:*
cpe:2.3:o:linksys:mx6200_firmware:1.0.8.215731:*:*:*:*:*:*:*
cpe:2.3:h:linksys:mbe7000:-:*:*:*:*:*:*:*
cpe:2.3:o:linksys:mbe7000_firmware:1.0.10.215314:*:*:*:*:*:*:*

22 Nov 2024, 19:15

Type Values Removed Values Added
CWE CWE-312
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 5.3

21 Nov 2024, 09:31

Type Values Removed Values Added
References () https://news.ycombinator.com/item?id=40917312 - () https://news.ycombinator.com/item?id=40917312 -
References () https://stackdiary.com/linksys-velop-routers-send-wi-fi-passwords-in-plaintext-to-us-servers/ - () https://stackdiary.com/linksys-velop-routers-send-wi-fi-passwords-in-plaintext-to-us-servers/ -

11 Jul 2024, 13:06

Type Values Removed Values Added
Summary
  • (es) Los dispositivos Linksys Velop Pro 6E 1.0.8 MX6200_1.0.8.215731 y 7 1.0.10.215314 envían contraseñas de Wi-Fi en texto plano a través de Internet público durante la instalación basada en aplicaciones.

09 Jul 2024, 20:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-07-09 20:15

Updated : 2025-06-30 15:15


NVD link : CVE-2024-40750

Mitre link : CVE-2024-40750

CVE.ORG link : CVE-2024-40750


JSON object : View

Products Affected

linksys

  • mbe7000
  • mx6200_firmware
  • mx6200
  • mbe7000_firmware
CWE
CWE-312

Cleartext Storage of Sensitive Information