Vulnerability Description
An issue was discovered on WatchGuard AP100, AP102, and AP200 devices with firmware before 1.2.9.15. Improper authentication handling by the native Access Point web UI allows authentication using a local system account (instead of the dedicated web-only user).
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| WatchGuard | AP200 Firmware | < 1.2.9.15 |
| WatchGuard | AP200 | - |
| WatchGuard | AP102 Firmware | < 1.2.9.15 |
| WatchGuard | AP102 | - |
| WatchGuard | AP100 Firmware | < 1.2.9.15 |
| WatchGuard | AP100 | - |
Related Weaknesses (CWE)
References
- http://seclists.org/fulldisclosure/2018/May/12 (Mailing List, Third Party Advisory)
- https://watchguardsupport.secure.force.com/publicKB?type=KBSecurityIssues&SFDCID (Vendor Advisory)
- https://www.exploit-db.com/exploits/45409/
- https://www.watchguard.com/wgrd-blog/new-firmware-available-ap100ap102ap200ap300 (Vendor Advisory)
FAQ
What is CVE-2018-10576?
CVE-2018-10576 is a vulnerability with a CVSS score of 7.8 (HIGH). An issue was discovered on WatchGuard AP100, AP102, and AP200 devices with firmware before 1.2.9.15. Improper authentication handling by the native Access Point web UI allows authentication using a lo...
How severe is CVE-2018-10576?
CVE-2018-10576 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2018-10576?
Check the references section above for vendor advisories and patch information. Affected products include: WatchGuard AP200 Firmware, WatchGuard AP200, WatchGuard AP102 Firmware, WatchGuard AP102, WatchGuard AP100 Firmware.