FortiWLC Security Vulnerabilities


CVE-2021-42758

An improper access control vulnerability [CWE-284] in FortiWLC 8.6.1 and below may allow an authenticated and remote attacker with low privileges to execute any command as an admin user with full access rights via bypassing the GUI...

CVSS: 8.8, AI Score: 8.7, EPSS: 0.002

2021-12-08 11:15 AM

CVE-2020-9288

An improper neutralization of input vulnerability in FortiWLC 8.5.1 allows a remote authenticated attacker to perform a stored cross site scripting attack (XSS) via the ESS profile or the Radius...

CVSS: 5.4, AI Score: 5, EPSS: 0.001

2020-06-22 04:15 PM

CVE-2017-17539

The presence of a hardcoded account in Fortinet FortiWLC 7.0.11 and earlier allows attackers to gain unauthorized read/write access via a remote...

CVSS: 9.8, AI Score: 9.3, EPSS: 0.002

2018-05-08 04:29 AM

CVE-2017-17540

The presence of a hardcoded account in Fortinet FortiWLC 8.3.3 allows attackers to gain unauthorized read/write access via a remote...

CVSS: 9.8, AI Score: 7.6, EPSS: 0.002

2018-05-08 04:29 AM

CVE-2017-7335

A Cross-Site Scripting (XSS) vulnerability in Fortinet FortiWLC 6.1-x (6.1-2, 6.1-4 and 6.1-5); 7.0-x (7.0-7, 7.0-8, 7.0-9, 7.0-10); and 8.x (8.0, 8.1, 8.2 and 8.3.0-8.3.2) allows an authenticated user to inject arbitrary web script or HTML via non-sanitized parameters "refresh" and...

CVSS: 5.4, AI Score: 5.2, EPSS: 0.001

2017-10-26 01:29 PM

CVE-2017-7341

An OS Command Injection vulnerability in Fortinet FortiWLC 6.1-2 through 6.1-5, 7.0-7 through 7.0-10, 8.0 through 8.2, and 8.3.0 through 8.3.2 file management AP script download webUI page allows an authenticated admin user to execute arbitrary system console commands via crafted HTTP...

CVSS: 7.2, AI Score: 7.5, EPSS: 0.002

2017-10-26 01:29 PM

CVE-2017-3134

An escalation of privilege vulnerability in Fortinet FortiWLC-SD versions 8.2.4 and below allows an attacker to gain root access via the CLI command 'copy...

CVSS: 7.2, AI Score: 7.4, EPSS: 0.001

2017-05-27 12:29 AM

CVE-2016-8491

The presence of a hardcoded account named 'core' in Fortinet FortiWLC allows attackers to gain unauthorized read/write access via a remote...

CVSS: 9.1, AI Score: 9.1, EPSS: 0.002

2017-02-01 05:59 PM

CVE-2016-7561

Fortinet FortiWLC 6.1-2-29 and earlier, 7.0-9-1, 7.0-10-0, 8.0-5-0, 8.1-2-0, and 8.2-4-0 allow administrators to obtain sensitive user credentials by reading the pam.log...

CVSS: 7.2, AI Score: 6.8, EPSS: 0.001

2016-10-05 04:59 PM

CVE-2016-7560

The rsyncd server in Fortinet FortiWLC 6.1-2-29 and earlier, 7.0-9-1, 7.0-10-0, 8.0-5-0, 8.1-2-0, and 8.2-4-0 has a hardcoded rsync account, which allows remote attackers to read or write to arbitrary files via unspecified...

CVSS: 9.8, AI Score: 9.2, EPSS: 0.004

2016-10-05 04:59 PM