PT-2018-9974 · Watchguard · Watchguard Ap200+2
Stephen Shkardoon
·
Published
2018-04-30
·
Updated
2018-09-16
·
CVE-2018-10576
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions:
WatchGuard AP100 versions prior to 1.2.9.15
WatchGuard AP102 versions prior to 1.2.9.15
WatchGuard AP200 versions prior to 1.2.9.15
Description:
An issue was discovered that allows improper authentication handling by the native Access Point web UI. This enables authentication using a local system account instead of the dedicated web-only user.
Recommendations:
For WatchGuard AP100 versions prior to 1.2.9.15, update the firmware to version 1.2.9.15 or later.
For WatchGuard AP102 versions prior to 1.2.9.15, update the firmware to version 1.2.9.15 or later.
For WatchGuard AP200 versions prior to 1.2.9.15, update the firmware to version 1.2.9.15 or later.
Exploit
Fix
Improper Authentication
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Watchguard Ap100
Watchguard Ap102
Watchguard Ap200