Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

CVE-2018-10575

🗓️ 30 Apr 2018 22:00:00Reported by mitreType 
cve
 cve🔗 web.nvd.nist.gov👁 65 Views🌐 WEB

WatchGuard AP100, AP102, AP200 devices with hardcoded SSH credential

Related
Detection
Refs
Paths
ReporterTitlePublishedViews
Family
0day.today		Watchguard Hard-Coded Credentials / Failed Controls Vulnerability
3 May 201800:00
zdt
0day.today		Watchguard AP100 AP102 AP200 1.2.9.15 - Remote Code Execution Exploit
15 Sep 201800:00
zdt
CNVD		WatchGuard AP100, AP102 and AP200 Hardcoded Credentials Vulnerability
3 May 201800:00
cnvd
Cvelist		CVE-2018-10575
30 Apr 201822:00
cvelist
exploitpack		Watchguard AP100 AP102 AP200 1.2.9.15 - Remote Code Execution (Metasploit)
14 Sep 201800:00
exploitpack
NVD		CVE-2018-10575
30 Apr 201822:29
nvd
OSV		CVE-2018-10575
30 Apr 201822:29
osv
Packet Storm		Watchguard Hard-Coded Credentials / Failed Controls
3 May 201800:00
packetstorm
Packet Storm		Watchguard AP100/AP102/AP200 1.2.9.15 Remote Code Execution
15 Sep 201800:00
packetstorm
Prion		Hardcoded credentials
30 Apr 201822:29
prion
Rows per page
NVD
Node
watchguardap200_firmwareRange<1.2.9.15
AND
watchguardap200Match-
Node
watchguardap102_firmwareRange<1.2.9.15
AND
watchguardap102Match-
Node
watchguardap100_firmwareRange<1.2.9.15
AND
watchguardap100Match-
ParameterPositionPathDescriptionCWE
filenameupload datacgi-bin/luci/;#{stok}/wguploadHidden file upload vulnerability enabling remote code execution via wgupload (authenticated session required)CWE-798
md5sumupload datacgi-bin/luci/;#{stok}/wguploadHidden file upload vulnerability enabling remote code execution via wgupload (authenticated session required)CWE-798
serialupload datacgi-bin/luci/;#{stok}/wguploadHidden file upload vulnerability enabling remote code execution via wgupload (authenticated session required)CWE-798
payloadupload datacgi-bin/luci/;#{stok}/wguploadHidden file upload vulnerability enabling remote code execution via wgupload (authenticated session required)CWE-798
AUTH_USERheadercgi-bin/luci/Hidden authentication method allowing bypass via HTTP headers AUTH_USER/AUTH_PASS to gain web interface accessCWE-798
AUTH_PASSheadercgi-bin/luci/Hidden authentication method allowing bypass via HTTP headers AUTH_USER/AUTH_PASS to gain web interface accessCWE-798

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
17 Jun 2026 01:34Current
9.2High risk
Vulners AI Score9.2
CVSS 27.5
CVSS 39.8
EPSS0.08671
CWE-798
watchguardap100ap102ap200firmwarehardcoded credentialssshnvdcve-2018-10575
65