CVE-2018-10575

CVSS 9.8 - CRITICAL

Description

An issue was discovered on WatchGuard AP100, AP102, and AP200 devices with firmware before 1.2.9.15. Hardcoded credentials exist for an unprivileged SSH account with a shell of /bin/false.

Affected Products

6

Vendor	Product	Version
watchguard	ap200_firmware	`All versions`
watchguard	ap200	`-`
watchguard	ap102_firmware	`All versions`
watchguard	ap102	`-`
watchguard	ap100_firmware	`All versions`
watchguard	ap100	`-`

References

http://seclists.org/fulldisclosure/2018/May/12

https://watchguardsupport.secure.force.com/publicK...

https://www.exploit-db.com/exploits/45409/

https://www.watchguard.com/wgrd-blog/new-firmware-...

http://seclists.org/fulldisclosure/2018/May/12

https://watchguardsupport.secure.force.com/publicK...

https://www.exploit-db.com/exploits/45409/

https://www.watchguard.com/wgrd-blog/new-firmware-...

Weakness Types

CWE-798

CVE Information

CVE ID:: CVE-2018-10575
Published:: 2018-04-30
Modified:: 2024-11-21
CVSS Score:: 9.8
Severity:: CRITICAL
Vector:: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Vendors

watchguard

Quick Actions

View on NVD Find Similar CVEs

CVSS Severity Scale

0.0 - 3.9 LOW

4.0 - 6.9 MEDIUM

7.0 - 8.9 HIGH

9.0 - 10.0 CRITICAL