Vulnerability Description
An issue was discovered on WatchGuard AP100, AP102, and AP200 devices with firmware before 1.2.9.15, and AP300 devices with firmware before 2.0.0.10. File upload functionality allows any users authenticated on the web interface to upload files containing code to the web root, allowing these files to be executed as root.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Watchguard | Ap200 Firmware | < 1.2.9.15 |
| Watchguard | Ap200 | - |
| Watchguard | Ap102 Firmware | < 1.2.9.15 |
| Watchguard | Ap102 | - |
| Watchguard | Ap100 Firmware | < 1.2.9.15 |
| Watchguard | Ap100 | - |
| Watchguard | Ap300 Firmware | < 2.0.0.10 |
| Watchguard | Ap300 | - |
Related Weaknesses (CWE)
References
- http://seclists.org/fulldisclosure/2018/May/12Mailing ListThird Party Advisory
- https://www.exploit-db.com/exploits/45409/
- http://seclists.org/fulldisclosure/2018/May/12Mailing ListThird Party Advisory
- https://www.exploit-db.com/exploits/45409/
FAQ
What is CVE-2018-10577?
CVE-2018-10577 is a vulnerability with a CVSS score of 8.8 (HIGH). An issue was discovered on WatchGuard AP100, AP102, and AP200 devices with firmware before 1.2.9.15, and AP300 devices with firmware before 2.0.0.10. File upload functionality allows any users authent...
How severe is CVE-2018-10577?
CVE-2018-10577 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-10577?
Check the references section above for vendor advisories and patch information. Affected products include: Watchguard Ap200 Firmware, Watchguard Ap200, Watchguard Ap102 Firmware, Watchguard Ap102, Watchguard Ap100 Firmware.