EUVD-2025-209800

An improper neutralization of special elements used in an OS command "OS Command Injection" vulnerability CWE-78 vulnerability in Fortinet FortiAP 7.6.0 through 7.6.2, FortiAP 7.4.0 through 7.4.5, FortiAP 7.2 all versions, FortiAP 7.0 all versions, FortiAP 6.4 all versions, FortiAP-U 7.0.0 throug...

CVE-2025-53680

Fortinet FortiAP family (FortiAP 7.6.0–7.6.2, 7.4.0–7.4.5, 7.2 all, 7.0 all, 6.4 all; FortiAP-U 7.0.0–7.0.5, 6.2 all; FortiAP-W2 7.4.0–7.4.4, 7.2 all, 7.0 all) are affected by an OS Command Injection via crafted CLI requests. The vulnerability arises from improper neutralization of special elemen...

CVE-2022-29058

An improper neutralization of special elements CWE-89 used in an OS command vulnerability CWE-78 in the command line interpreter of FortiAP 6.0.0 through 6.4.7, 7.0.0 through 7.0.3, 7.2.0, FortiAP-S 6.0.0 through 6.4.7, FortiAP-W2 6.0.0 through 6.4.7, 7.0.0 through 7.0.3, 7.2.0 and FortiAP-U 5.4....

CVE-2021-26106

An improper neutralization of special elements used in an OS Command vulnerability in FortiAP's console 6.4.1 through 6.4.5 and 6.2.4 through 6.2.5 may allow an authenticated attacker to execute unauthorized commands by running the kdbg CLI command with specifically crafted arguments...

CVE-2019-15709

An improper input validation in FortiAP-S/W2 6.2.0 to 6.2.2, 6.0.5 and below, FortiAP-U 6.0.1 and below CLI admin console may allow unauthorized administrators to overwrite system files via specially crafted tcpdump commands in the CLI...