Published: 30/04/2018 Updated: 16/09/2018

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 755

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

An issue exists on WatchGuard AP100, AP102, and AP200 devices with firmware prior to 1.2.9.15. Hardcoded credentials exist for an unprivileged SSH account with a shell of /bin/false.

Vulnerable Product	Search on Vulmon	Subscribe to Product
watchguard ap200_firmware
watchguard ap102_firmware
watchguard ap100_firmware

## # This module requires Metasploit: metasploitcom/download # Current source: githubcom/rapid7/metasploit-framework ## class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient include Msf::Exploit::FileDropper def initialize(info={}) super(update_info(info, ...

Watchguard AP100/AP102/AP200 version 12915 suffers from a remote code execution vulnerability ...

WatchGuard Access Points running firmware before version 12915 suffer from hard-coded credential, hidden authentication, file upload, and incorrect validation vulnerabilities ...

CWE-798 https://www.watchguard.com/wgrd-blog/new-firmware-available-ap100ap102ap200ap300-security-vulnerability-fixes https://watchguardsupport.secure.force.com/publicKB?type=KBSecurityIssues&SFDCID=kA62A0000000LIy http://seclists.org/fulldisclosure/2018/May/12 https://www.exploit-db.com/exploits/45409/https://nvd.nist.gov https://www.exploit-db.com/exploits/45409/

CVE-2018-10575

Vulnerability Summary

Vulnerability Trend

Exploits

References

Vulmon Search

About

Products

Connect