Vulnerability CVE-2018-10577


Published: 2018-05-02

Description:
An issue was discovered on WatchGuard AP100, AP102, and AP200 devices with firmware before 1.2.9.15, and AP300 devices with firmware before 2.0.0.10. File upload functionality allows any user authenticated on the web interface to upload files containing code to the web root, allowing these files to be executed as root.

See advisories in our WLB2 database:
Topic: [High] Watchguard AP100 AP102 AP200 1.2.9.15 Remote Code Execution
Author: Stephen Shkardoo...
Date: 14.09.2018

Type: CWE-434 (Unrestricted Upload of File with Dangerous Type)

CVSS2 => (AV:N/AC:L/Au:S/C:C/I:C/A:C)

CVSS Base Score: 9/10
Impact Subscore: 10/10
Exploitability Subscore: 8/10

Exploit range: Remote
Attack complexity: Low
Authentication: Single time

Confidentiality impact: Complete
Integrity impact: Complete
Availability impact: Complete

References:
http://seclists.org/fulldisclosure/2018/May/12
https://www.exploit-db.com/exploits/45409/

Copyright 2019, cxsecurity.com

 
