PT-2018-1576 · Watchguard · Watchguard Ap300+3
Stephen Shkardoon · Published 2018-04-04 · Updated 2018-09-16
CVE-2018-10577
CVSS v2.0: 9.0 (High)
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
WatchGuard AP100 versions prior to 1.2.9.15
WatchGuard AP102 versions prior to 1.2.9.15
WatchGuard AP200 versions prior to 1.2.9.15
WatchGuard AP300 versions prior to 2.0.0.10
Description
The issue stems from insufficient restrictions on the file upload functionality: users authenticated to the web interface can upload files containing code to the web root, where that code can then be executed as root. This can enable a remote attacker to execute arbitrary commands.
Recommendations
For WatchGuard AP100 versions prior to 1.2.9.15, update the firmware to version 1.2.9.15 or later.
For WatchGuard AP102 versions prior to 1.2.9.15, update the firmware to version 1.2.9.15 or later.
For WatchGuard AP200 versions prior to 1.2.9.15, update the firmware to version 1.2.9.15 or later.
For WatchGuard AP300 versions prior to 2.0.0.10, update the firmware to version 2.0.0.10 or later.
Exploit
Fix
Unrestricted File Upload
Affected Products
Watchguard Ap100
Watchguard Ap102
Watchguard Ap200
Watchguard Ap300