CVE-2018-10576

CVSS 7.8 - HIGH

Description

An issue was discovered on WatchGuard AP100, AP102, and AP200 devices with firmware before 1.2.9.15. Improper authentication handling by the native Access Point web UI allows authentication using a local system account (instead of the dedicated web-only user).

Affected Products

6

Vendor	Product	Version
watchguard	ap200_firmware	`All versions`
watchguard	ap200	`-`
watchguard	ap102_firmware	`All versions`
watchguard	ap102	`-`
watchguard	ap100_firmware	`All versions`
watchguard	ap100	`-`

References

http://seclists.org/fulldisclosure/2018/May/12

https://watchguardsupport.secure.force.com/publicK...

https://www.exploit-db.com/exploits/45409/

https://www.watchguard.com/wgrd-blog/new-firmware-...

http://seclists.org/fulldisclosure/2018/May/12

https://watchguardsupport.secure.force.com/publicK...

https://www.exploit-db.com/exploits/45409/

https://www.watchguard.com/wgrd-blog/new-firmware-...

Weakness Types

CWE-287

CVE Information

CVE ID:: CVE-2018-10576
Published:: 2018-04-30
Modified:: 2024-11-21
CVSS Score:: 7.8
Severity:: HIGH
Vector:: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Vendors

watchguard

Quick Actions

View on NVD Find Similar CVEs

CVSS Severity Scale

0.0 - 3.9 LOW

4.0 - 6.9 MEDIUM

7.0 - 8.9 HIGH

9.0 - 10.0 CRITICAL