Published: 30/04/2018 Updated: 16/09/2018

CVSS v2 Base Score: 4.6 | Impact Score: 6.4 | Exploitability Score: 3.9

CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8

VMScore: 465

Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

An issue exists on WatchGuard AP100, AP102, and AP200 devices with firmware prior to 1.2.9.15. Improper authentication handling by the native Access Point web UI allows authentication using a local system account (instead of the dedicated web-only user).

Vulnerable Product	Search on Vulmon	Subscribe to Product
watchguard ap200_firmware
watchguard ap102_firmware
watchguard ap100_firmware

## # This module requires Metasploit: metasploitcom/download # Current source: githubcom/rapid7/metasploit-framework ## class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient include Msf::Exploit::FileDropper def initialize(info={}) super(update_info(info, ...

Watchguard AP100/AP102/AP200 version 12915 suffers from a remote code execution vulnerability ...

WatchGuard Access Points running firmware before version 12915 suffer from hard-coded credential, hidden authentication, file upload, and incorrect validation vulnerabilities ...

CWE-287 https://www.watchguard.com/wgrd-blog/new-firmware-available-ap100ap102ap200ap300-security-vulnerability-fixes https://watchguardsupport.secure.force.com/publicKB?type=KBSecurityIssues&SFDCID=kA62A0000000LIy http://seclists.org/fulldisclosure/2018/May/12 https://www.exploit-db.com/exploits/45409/https://nvd.nist.gov https://www.exploit-db.com/exploits/45409/

CVE-2018-10576

Vulnerability Summary

Vulnerability Trend

Exploits

References

Vulmon Search

About

Products

Connect