CVE-2024-40750

5.3 MEDIUM

📋 TL;DR

Linksys Velop Pro 6E and 7 routers transmit Wi-Fi passwords in unencrypted plaintext over the internet during initial setup via the mobile app. This exposes network credentials to potential interception by attackers on the network path. All users of affected router models performing app-based setup are vulnerable.

💻 Affected Systems

Products:
  • Linksys Velop Pro 6E MX6200
  • Linksys Velop 7
Versions: Velop Pro 6E: 1.0.8 (specifically MX6200_1.0.8.215731), Velop 7: 1.0.10.215314
Operating Systems: Router firmware
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability triggers during initial setup via Linksys mobile app; manual setup may not be affected.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers intercepting the transmission could obtain the Wi-Fi password, gain unauthorized network access, conduct man-in-the-middle attacks, and potentially compromise connected devices.

🟠 Likely Case

Network sniffers or ISP-level monitoring could capture the password, leading to unauthorized Wi-Fi access and network reconnaissance.

🟢 If Mitigated

With encryption in transit, passwords remain protected even if transmission occurs; risk limited to other vulnerabilities.

🌐 Internet-Facing: HIGH
🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires intercepting network traffic between router and Linksys servers during setup; no authentication needed for the vulnerable transmission itself.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Not available

Restart Required: No

Instructions:

No official patch available. Monitor Linksys for firmware updates addressing CWE-312.

🔧 Temporary Workarounds

Avoid App-Based Setup

all

Perform router setup manually via web interface instead of using the mobile app to prevent cleartext transmission.

Change Wi-Fi Password

all

If already set up via app, change the Wi-Fi password manually to mitigate potential exposure.

🧯 If You Can't Patch

  • Use wired connection for initial setup to reduce exposure over Wi-Fi
  • Monitor network for unusual traffic to/from Linksys servers

🔍 How to Verify

Check if Vulnerable:

Check router firmware version in admin interface; if using affected versions and app-based setup was used, assume vulnerable.

Check Version:

Log into router admin panel (typically http://192.168.1.1) and navigate to firmware/version section.

Verify Fix Applied:

Verify firmware is updated to a version later than those listed; check vendor advisories for fix confirmation.

📡 Detection & Monitoring

Log Indicators:

  • Unusual outbound traffic to Linksys domains during setup
  • Cleartext password strings in network logs

Network Indicators:

  • HTTP traffic containing password fields sent to Linksys servers without encryption

SIEM Query:

Not applicable; requires deep packet inspection capabilities.
