Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

CVE-2018-10575

🗓️ 30 Apr 2018 22:00:00Reported by mitreType 
cve
 cve🔗 web.nvd.nist.gov👁 60 Views🌐 WEB

WatchGuard AP100, AP102, AP200 devices with hardcoded SSH credential

Related
Detection
Refs
Paths
ReporterTitlePublishedViews
Family
0day.today		Watchguard Hard-Coded Credentials / Failed Controls Vulnerability
3 May 201800:00
zdt
0day.today		Watchguard AP100 AP102 AP200 1.2.9.15 - Remote Code Execution Exploit
15 Sep 201800:00
zdt
CNVD		WatchGuard AP100, AP102 and AP200 Hardcoded Credentials Vulnerability
3 May 201800:00
cnvd
Cvelist		CVE-2018-10575
30 Apr 201822:00
cvelist
exploitpack		Watchguard AP100 AP102 AP200 1.2.9.15 - Remote Code Execution (Metasploit)
14 Sep 201800:00
exploitpack
NVD		CVE-2018-10575
30 Apr 201822:29
nvd
OSV		CVE-2018-10575
30 Apr 201822:29
osv
Packet Storm		Watchguard Hard-Coded Credentials / Failed Controls
3 May 201800:00
packetstorm
Packet Storm		Watchguard AP100/AP102/AP200 1.2.9.15 Remote Code Execution
15 Sep 201800:00
packetstorm
Prion		Hardcoded credentials
30 Apr 201822:29
prion
Rows per page
NVD
Node
watchguardap200_firmwareRange<1.2.9.15
AND
watchguardap200Match-
Node
watchguardap102_firmwareRange<1.2.9.15
AND
watchguardap102Match-
Node
watchguardap100_firmwareRange<1.2.9.15
AND
watchguardap100Match-
ParameterPositionPathDescriptionCWE
AUTH_USERpathcgi-bin/luci/;#{stok}/wguploadPOST upload of a payload via wgupload to enable remote code executionCWE-798
AUTH_PASSpathcgi-bin/luci/;#{stok}/wguploadPOST upload of a payload via wgupload to enable remote code executionCWE-798
serialpathcgi-bin/luci/;#{stok}/wguploadPOST upload of a payload via wgupload to enable remote code executionCWE-798
filenamepathcgi-bin/luci/;#{stok}/wguploadPOST upload of a payload via wgupload to enable remote code executionCWE-798
AUTH_USERpathcgi-bin/luci/;#{stok}/html/StatusAccess to status page to obtain serial for exploitationCWE-798
AUTH_PASSpathcgi-bin/luci/;#{stok}/html/StatusAccess to status page to obtain serial for exploitationCWE-798
AUTH_USERpathcgi-bin/payload.luciLua payload that executes system command after upload (remote code execution)CWE-798
AUTH_PASSpathcgi-bin/payload.luciLua payload that executes system command after upload (remote code execution)CWE-798
serialpathcgi-bin/payload.luciLua payload that executes system command after upload (remote code execution)CWE-798
AUTH_USERheadercgi-bin/luci/Hidden authentication method using HTTP headers to bypass standard loginCWE-798
Rows per page

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
21 Nov 2024 03:41Current
9.2High risk
Vulners AI Score9.2
CVSS 27.5
CVSS 39.8
EPSS0.11206
CWE-798
watchguardap100ap102ap200firmwarehardcoded credentialssshnvdcve-2018-10575
60