37 matches found
CVE-2025-53680
An improper neutralization of special elements used in an OS command "OS Command Injection" vulnerability CWE-78 vulnerability in Fortinet FortiAP 7.6.0 through 7.6.2, FortiAP 7.4.0 through 7.4.5, FortiAP 7.2 all versions, FortiAP 7.0 all versions, FortiAP 6.4 all versions, FortiAP-U 7.0.0 throug...
CVE-2025-53680
An improper neutralization of special elements used in an OS command "OS Command Injection" vulnerability CWE-78 vulnerability in Fortinet FortiAP 7.6.0 through 7.6.2, FortiAP 7.4.0 through 7.4.5, FortiAP 7.2 all versions, FortiAP 7.0 all versions, FortiAP 6.4 all versions, FortiAP-U 7.0.0 throug...
EUVD-2023-40578
Malicious code in bioql PyPI...
EUVD-2022-52252
Malicious code in bioql PyPI...
CVE-2023-36634
An incomplete filtering of one or more instances of special elements vulnerability CWE-792 in the command line interpreter of FortiAP-U 7.0.0, 6.2.0 through 6.2.5, 6.0 all versions, 5.4 all versions may allow an authenticated attacker to list and delete arbitrary files and directory via specially...
CVE-2021-22126
A use of hard-coded password vulnerability in FortiWLC version 8.5.2 and below, version 8.4.8 and below, version 8.3.3 to 8.3.2, version 8.2.7 to 8.2.6 may allow a local, authenticated attacker to connect to the managed Access Point Meru AP and FortiAP-U as root using the default hard-coded...
CVE-2021-22126
A use of hard-coded password vulnerability in FortiWLC version 8.5.2 and below, version 8.4.8 and below, version 8.3.3 to 8.3.2, version 8.2.7 to 8.2.6 may allow a local, authenticated attacker to connect to the managed Access Point Meru AP and FortiAP-U as root using the default hard-coded...
CVE-2022-30301
A path traversal vulnerability CWE-22 in FortiAP-U CLI 6.2.0 through 6.2.3, 6.0.0 through 6.0.4, 5.4.0 through 5.4.6 may allow an admin user to delete and access unauthorized files and data via specifically crafted CLI commands...
CVE-2023-36634
An incomplete filtering of one or more instances of special elements vulnerability CWE-792 in the command line interpreter of FortiAP-U 7.0.0, 6.2.0 through 6.2.5, 6.0 all versions, 5.4 all versions may allow an authenticated attacker to list and delete arbitrary files and directory via specially...
CVE-2023-36634
An incomplete filtering of one or more instances of special elements vulnerability CWE-792 in the command line interpreter of FortiAP-U 7.0.0, 6.2.0 through 6.2.5, 6.0 all versions, 5.4 all versions may allow an authenticated attacker to list and delete arbitrary files and directory via specially...
CVE-2023-25608
An incomplete filtering of one or more instances of special elements vulnerability CWE-792 in the command line interpreter of FortiAP-W2 7.2.0 through 7.2.1, 7.0.3 through 7.0.5, 7.0.0 through 7.0.1, 6.4 all versions, 6.2 all versions, 6.0 all versions; FortiAP-C 5.4.0 through 5.4.4, 5.2 all...
Design/Logic Flaw
An incomplete filtering of one or more instances of special elements vulnerability CWE-792 in the command line interpreter of FortiAP-U 7.0.0, 6.2.0 through 6.2.5, 6.0 all versions, 5.4 all versions may allow an authenticated attacker to list and delete arbitrary files and directory via specially...
Design/Logic Flaw
An incomplete filtering of one or more instances of special elements vulnerability CWE-792 in the command line interpreter of FortiAP-W2 7.2.0 through 7.2.1, 7.0.3 through 7.0.5, 7.0.0 through 7.0.1, 6.4 all versions, 6.2 all versions, 6.0 all versions; FortiAP-C 5.4.0 through 5.4.4, 5.2 all...
CVE-2023-36634
An incomplete filtering of one or more instances of special elements vulnerability CWE-792 in the command line interpreter of FortiAP-U 7.0.0, 6.2.0 through 6.2.5, 6.0 all versions, 5.4 all versions may allow an authenticated attacker to list and delete arbitrary files and directory via specially...
CVE-2023-36634
An incomplete filtering of one or more instances of special elements vulnerability CWE-792 in the command line interpreter of FortiAP-U 7.0.0, 6.2.0 through 6.2.5, 6.0 all versions, 5.4 all versions may allow an authenticated attacker to list and delete arbitrary files and directory via specially...
CVE-2023-36634
FortiAP-U CVE-2023-36634 applies to FortiAP-U versions 5.4–7.0.0 and 6.0–6.2.5, due to incomplete filtering of special elements (CWE-792) in the command line interpreter. An authenticated attacker could list and delete arbitrary files/directories via specially crafted command arguments. The impac...
CVE-2023-25608
An incomplete filtering of one or more instances of special elements vulnerability CWE-792 in the command line interpreter of FortiAP-W2 7.2.0 through 7.2.1, 7.0.3 through 7.0.5, 7.0.0 through 7.0.1, 6.4 all versions, 6.2 all versions, 6.0 all versions; FortiAP-C 5.4.0 through 5.4.4, 5.2 all...
Fortinet FortiAP-U Security Vulnerability
Fortinet FortiAP-U is a controller for managing wireless access point devices from Fortinet, Inc. A security vulnerability exists in Fortinet FortiAP-U that could allow an authenticated attacker to list and delete arbitrary files and directories via constructed command parameters. Affected produc...
PT-2023-25646
Name of the Vulnerable Software and Affected Versions FortiAP-U versions 5.4 through 7.0.0 FortiAP-U versions 6.0 through 6.2.5 Description An incomplete filtering of special elements in the command line interpreter may allow an authenticated attacker to list and delete arbitrary files and...
The vulnerability of the command-line interface (CLI) of Fortinet FortiAP-U micro-programming system allows a malicious actor to gain unauthorized access to read, modify, and delete files, as well as execute arbitrary commands.
The vulnerability of the command-line interface CLI of Fortinet FortiAP-U micro-programming system lies in incorrect restrictions on the path name to the restricted directory. Exploiting this vulnerability can allow an attacker to gain unauthorized access to read, modify, and delete files, as wel...