Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

πŸ“„ WatchGuard Firebox Default Credentials / SSH Access

πŸ—“οΈΒ 03 Nov 2025Β 00:00:00Reported byΒ Chanakya Neelarapu, Mark GibsonTypeΒ 
packetstorm
Β packetstormπŸ”—Β packetstorm.newsπŸ‘Β 296Β Views

WatchGuard Firebox default SSH on port 4118 permits unauthenticated admin access with admin:readwrite.

Related
Code
ReporterTitlePublishedViews
Family
GithubExploit		Exploit for CVE-2025-59396
3 Nov 202511:12
–githubexploit
Circl		CVE-2025-59396
3 Nov 202510:12
–circl
CNNVD		ηΌ–ε·ζ’€ε›ž
6 Nov 202500:00
–cnnvd
CVE		CVE-2025-59396
6 Nov 202500:00
–cve
Cvelist		CVE-2025-59396
6 Nov 202500:00
–cvelist
EUVD		EUVD-2025-38053
6 Nov 202518:32
–euvd
NVD		CVE-2025-59396
6 Nov 202517:15
–nvd
Packet Storm		πŸ“„ WatchGuard Firebox Default SSH Credentials
11 Mar 202600:00
–packetstorm
Positive Technologies		PT-2025-45340
6 Nov 202500:00
–ptsecurity
RedhatCVE		CVE-2025-59396
7 Nov 202513:46
–redhatcve
Rows per page
CVE-2025-59396 – WatchGuard Firebox Default Configuration Allows Unauthorized SSH Access via Port 4118
    Description
    The default configuration of WatchGuard Firebox devices through 2025-09-10 allows administrative access via SSH on port 4118 using the default credentials (admin:readwrite). This configuration exposes the device to remote attackers who can gain full administrative access without prior authentication.
    Impact
    An unauthenticated attacker can:
    
    Retrieve sensitive information such as ARP tables, network configurations, user accounts, feature keys, and device location data.
    Modify or disable firewall rules and security policies.
    Perform lateral movement within the internal network.
    Exfiltrate data or disrupt services.
    
    This results in a complete compromise of the Firebox appliance and the network it protects.
    Vulnerability Type
    
    Misconfiguration / Insecure Defaults
    Authentication Bypass via Default Credentials
    
    Attack Vector
    Remote access via SSH on port 4118 using:
    
    Username: admin
    Password: readwrite
    
    Tools like PuTTY or any SSH client can be used to exploit this vulnerability.
    Affected Product
    
    Vendor: WatchGuard
    Product: Firebox series (specific models and firmware versions TBD)
    Component: SSH Service (Port 4118)
    Status: Exposed by default
    
    Discoverers
    
    Chanakya Neelarapu
    Mark Gibson
    
    CVE ID
    
    CVE-2025-59396
    
    Impacts
    
    βœ… Remote Code Execution
    βœ… Privilege Escalation
    βœ… Information Disclosure
    βœ… Network Exposure and Lateral Movement
    
    Reference
    
    https://www.watchguard.com/wgrd-products/firewalls

Data

Build on a solid foundation withΒ Vulners data

WeΒ provide theΒ essential building blocks forΒ cybersecurity solutions withΒ comprehensive, structured, andΒ constantly updated vulnerability andΒ exploits data

Api

Power your application withΒ Vulners API

The Vulners REST API offers reliable, high-performance access toΒ vulnerabilityΒ intelligence, withΒ 99.9%Β SLAΒ uptime andΒ CDN-backed data delivery forΒ seamlessΒ global access

App

Assess and manage vulnerabilities withΒ VulnersΒ tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
03 Nov 2025 00:00Current
7.2High risk
Vulners AI Score7.2
EPSS0.00043
default credentialswatchguard fireboxssh accessport 4118misconfigurationinsecure defaultsunauthenticated accessremote accessinformation disclosurenetwork lateral movement
296