CVE-2021-22126

Published: Mar 17, 2025Modified: Jul 24, 2025

6.7

Vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Exploitability: 0.8 / Impact: 5.9

Source: psirt@fortinet.com (Secondary)

Description

A use of hard-coded password vulnerability in FortiWLC version 8.5.2 and below, version 8.4.8 and below, version 8.3.3 to 8.3.2, version 8.2.7 to 8.2.6 may allow a local, authenticated attacker to connect to the managed Access Point (Meru AP and FortiAP-U) as root using the default hard-coded username and password.

Affected (5)

Products: Fortinet: Fortiwlc

Fortinet

1 product

Fortiwlc

Configuration A

5 vulnerable

Vulnerable Software	Affected Versions
Fortinet Fortiwlc	From 8.4.0 to 8.5.3
Fortinet Fortiwlc	Version 8.2.6
Fortinet Fortiwlc	Version 8.2.7
Fortinet Fortiwlc	Version 8.3.2
Fortinet Fortiwlc	Version 8.3.3

Related CWEs

CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

CWE-798

Use of Hard-coded Credentials

The product contains hard-coded credentials, such as a password or cryptographic key.

References (1)

https://fortiguard.fortinet.com/psirt/FG-IR-20-147

Source: psirt@fortinet.com

Vendor Advisory

Timeline

No history available yet.