PT-2018-9975 · Watchguard · Watchguard Ap300+3

Stephen Shkardoon

Published

2018-05-02

Updated

2018-06-13

CVE-2018-10578

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: WatchGuard AP100 versions prior to 1.2.9.15 WatchGuard AP102 versions prior to 1.2.9.15 WatchGuard AP200 versions prior to 1.2.9.15 WatchGuard AP300 versions prior to 2.0.0.10

Description: An issue allows an attacker to bypass validation of the old password field in the change password form due to incorrect validation.

Recommendations: For WatchGuard AP100 versions prior to 1.2.9.15, update to version 1.2.9.15 or later. For WatchGuard AP102 versions prior to 1.2.9.15, update to version 1.2.9.15 or later. For WatchGuard AP200 versions prior to 1.2.9.15, update to version 1.2.9.15 or later. For WatchGuard AP300 versions prior to 2.0.0.10, update to version 2.0.0.10 or later.

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

CVE-2018-10578

Affected Products

Watchguard Ap100

Watchguard Ap102

Watchguard Ap200

Watchguard Ap300

PT-2018-9975 · Watchguard · Watchguard Ap300+3

CVE-2018-10578

Weakness Enumeration

Related Identifiers

Affected Products

References · 3