WatchGuard AP100, AP102 and AP200 Security Bypass Vulnerabilities

The WatchGuard AP100, AP102 and AP200 are all different series of indoor wireless access point devices from WatchGuard USA. A security vulnerability exists in the WatchGuard AP100, AP102, and AP200, AP300 that stems from the program failing to properly validate the 'old password' field in the...

CVE-2018-10577

An issue was discovered on WatchGuard AP100, AP102, and AP200 devices with firmware before 1.2.9.15, and AP300 devices with firmware before 2.0.0.10. File upload functionality allows any users authenticated on the web interface to upload files containing code to the web root, allowing these files...

CVE-2018-10578

The CVE affects WatchGuard AP100, AP102, AP200 (firmware < 1.2.9.15) and AP300 (firmware

CVE-2018-10577

WatchGuard AP100/AP102/AP200 devices running firmware before 1.2.9.15 and AP300 devices before 2.0.0.10 are affected by CVE-2018-10577. The issue allows any user authenticated on the web interface to upload files to the web root, where they can be executed with root privileges, enabling remote co...

CVE-2018-10575

An issue was discovered on WatchGuard AP100, AP102, and AP200 devices with firmware before 1.2.9.15. Hardcoded credentials exist for an unprivileged SSH account with a shell of /bin/false...

Authentication flaw

An issue was discovered on WatchGuard AP100, AP102, and AP200 devices with firmware before 1.2.9.15. Improper authentication handling by the native Access Point web UI allows authentication using a local system account instead of the dedicated web-only user...

CVE-2018-10575

WatchGuard AP100/ AP102/ AP200 devices with firmware before 1.2.9.15 contain hard-coded credentials for an unprivileged SSH account with a /bin/false shell, enabling pre-auth remote access and potential remote code execution. Public exploit modules (Metasploit-related) reference CVE-2018-10575, a...

CVE-2018-10575

An issue was discovered on WatchGuard AP100, AP102, and AP200 devices with firmware before 1.2.9.15. Hardcoded credentials exist for an unprivileged SSH account with a shell of /bin/false...

CVE-2018-10576

CVE-2018-10576 affects WatchGuard AP100, AP102, and AP200 running firmware before 1.2.9.15. The vulnerability is an improper authentication handling in the native AP web UI, allowing access using a local system account instead of a dedicated web-user. Multiple connected sources corroborate vulner...