← Back

CVE-2018-10577

nvd nist
Published: May 2, 2018Modified: Nov 21, 2024

JSON object

Loading...
8.8
Vector
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 / Impact: 5.9
Source: NVD

Description

An issue was discovered on WatchGuard AP100, AP102, and AP200 devices with firmware before 1.2.9.15, and AP300 devices with firmware before 2.0.0.10. File upload functionality allows any users authenticated on the web interface to upload files containing code to the web root, allowing these files to be executed as root.

Affected (4)

Watchguard
4 products
Ap200 Firmware
Ap102 Firmware
Ap100 Firmware
Ap300 Firmware
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Ap200 Firmware
Before 1.2.9.15
Running on/withPlatform Versions
Watchguard
Ap200
All versions
Configuration B
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Ap102 Firmware
Before 1.2.9.15
Running on/withPlatform Versions
Watchguard
Ap102
All versions
Configuration C
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Ap100 Firmware
Before 1.2.9.15
Running on/withPlatform Versions
Watchguard
Ap100
All versions
Configuration D
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Ap300 Firmware
Before 2.0.0.10
Running on/withPlatform Versions
Watchguard
Ap300
All versions

Related CWEs

CWE-434
Unrestricted Upload of File with Dangerous Type
The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

References (4)

Source: cve@mitre.org
Mailing ListThird Party Advisory
Source: cve@mitre.org
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.