PT-2018-1576 · Watchguard · Watchguard Ap300+3

Stephen Shkardoon · Published 2018-04-04 · Updated 2018-09-16 · CVE-2018-10577

CVSS v2.0: 9.0 (High)

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

WatchGuard AP100 versions prior to 1.2.9.15
WatchGuard AP102 versions prior to 1.2.9.15
WatchGuard AP200 versions prior to 1.2.9.15
WatchGuard AP300 versions prior to 2.0.0.10

Description

The issue is related to insufficient restriction on file upload functionality, allowing authenticated users on the web interface to upload files containing code to the web root, which can then be executed as root. This can enable a remote attacker to execute arbitrary commands.

Recommendations

For WatchGuard AP100 versions prior to 1.2.9.15, update the firmware to version 1.2.9.15 or later.
For WatchGuard AP102 versions prior to 1.2.9.15, update the firmware to version 1.2.9.15 or later.
For WatchGuard AP200 versions prior to 1.2.9.15, update the firmware to version 1.2.9.15 or later.
For WatchGuard AP300 versions prior to 2.0.0.10, update the firmware to version 2.0.0.10 or later.

Exploit

Fix

Unrestricted File Upload

Weakness Enumeration

Related Identifiers

BDU:2018-01133
CVE-2018-10577

Affected Products

Watchguard Ap100
Watchguard Ap102
Watchguard Ap200
Watchguard Ap300