Improper Authentication in WatchGuard Access Points
CVE-2018-10576

7.8HIGH

Key Information:

Vendor

Watchguard

Status
Ap200 Firmware
Vendor
CVE Published:
30 April 2018

What is CVE-2018-10576?

A vulnerability exists in the WatchGuard AP100, AP102, and AP200 access points due to improper authentication handling by the web UI. This flaw allows users to authenticate through local system accounts instead of the specified web-only accounts, potentially compromising the security of the device and the network it supports. Users of affected firmware versions prior to 1.2.9.15 should upgrade to safeguard against unauthorized access.

References

https://www.watchguard.com/wgrd-blog/new-firmware-availab...
x_refsource_CONFIRM
http://seclists.org/fulldisclosure/2018/May/12
mailing-listx_refsource_FULLDISC
https://www.exploit-db.com/exploits/45409/
exploitx_refsource_EXPLOIT-DB

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.