Published: 02/05/2018 Updated: 16/09/2018

CVSS v2 Base Score: 9 | Impact Score: 10 | Exploitability Score: 8

CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8

VMScore: 905

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

An issue exists on WatchGuard AP100, AP102, and AP200 devices with firmware prior to 1.2.9.15, and AP300 devices with firmware prior to 2.0.0.10. File upload functionality allows any users authenticated on the web interface to upload files containing code to the web root, allowing these files to be executed as root.

Vulnerable Product	Search on Vulmon	Subscribe to Product
watchguard ap200_firmware
watchguard ap102_firmware
watchguard ap100_firmware
watchguard ap300_firmware

## # This module requires Metasploit: metasploitcom/download # Current source: githubcom/rapid7/metasploit-framework ## class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient include Msf::Exploit::FileDropper def initialize(info={}) super(update_info(info, ...

Watchguard AP100/AP102/AP200 version 12915 suffers from a remote code execution vulnerability ...

WatchGuard Access Points running firmware before version 12915 suffer from hard-coded credential, hidden authentication, file upload, and incorrect validation vulnerabilities ...

CWE-434 http://seclists.org/fulldisclosure/2018/May/12 https://www.exploit-db.com/exploits/45409/https://nvd.nist.gov https://www.exploit-db.com/exploits/45409/

CVE-2018-10577

Vulnerability Summary

Vulnerability Trend

Exploits

References

Vulmon Search

About

Products

Connect