Authentication Bypass Vulnerability in WatchGuard Access Points
CVE-2018-10578

9.8CRITICAL

Key Information:

Vendor: Watchguard
Status: Ap200 Firmware
Vendor: CVE Published:; 2 May 2018

What is CVE-2018-10578?

A security vulnerability exists in WatchGuard AP100, AP102, and AP200 devices due to improper validation of the 'old password' field in the password change form. This flaw enables unauthorized users to bypass the intended password validation, potentially allowing an attacker to change the password and gain access to device configurations. Devices with firmware versions below 1.2.9.15 for AP100, AP102, and AP200 and before 2.0.0.10 for AP300 are specifically affected, which raises significant security concerns for network integrity.

References

http://seclists.org/fulldisclosure/2018/May/12

mailing-listx_refsource_FULLDISC

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 2, 2018
Vulnerability Reserved
Apr 30, 2018

Watchguard

What is CVE-2018-10578?

References

CVSS V3.1

Timeline