Vulnerability Description
An issue was discovered on WatchGuard AP100, AP102, and AP200 devices with firmware before 1.2.9.15. Hardcoded credentials exist for an unprivileged SSH account with a shell of /bin/false.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Watchguard | Ap200 Firmware | < 1.2.9.15 |
| Watchguard | Ap200 | - |
| Watchguard | Ap102 Firmware | < 1.2.9.15 |
| Watchguard | Ap102 | - |
| Watchguard | Ap100 Firmware | < 1.2.9.15 |
| Watchguard | Ap100 | - |
Related Weaknesses (CWE)
References
- http://seclists.org/fulldisclosure/2018/May/12Mailing ListThird Party Advisory
- https://watchguardsupport.secure.force.com/publicKB?type=KBSecurityIssues&SFDCIDVendor Advisory
- https://www.exploit-db.com/exploits/45409/
- https://www.watchguard.com/wgrd-blog/new-firmware-available-ap100ap102ap200ap300Vendor Advisory
- http://seclists.org/fulldisclosure/2018/May/12Mailing ListThird Party Advisory
- https://watchguardsupport.secure.force.com/publicKB?type=KBSecurityIssues&SFDCIDVendor Advisory
- https://www.exploit-db.com/exploits/45409/
- https://www.watchguard.com/wgrd-blog/new-firmware-available-ap100ap102ap200ap300Vendor Advisory
FAQ
What is CVE-2018-10575?
CVE-2018-10575 is a vulnerability with a CVSS score of 9.8 (CRITICAL). An issue was discovered on WatchGuard AP100, AP102, and AP200 devices with firmware before 1.2.9.15. Hardcoded credentials exist for an unprivileged SSH account with a shell of /bin/false.
How severe is CVE-2018-10575?
CVE-2018-10575 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2018-10575?
Check the references section above for vendor advisories and patch information. Affected products include: Watchguard Ap200 Firmware, Watchguard Ap200, Watchguard Ap102 Firmware, Watchguard Ap102, Watchguard Ap100 Firmware.