Описание
An issue was discovered on WatchGuard AP100, AP102, and AP200 devices with firmware before 1.2.9.15. Improper authentication handling by the native Access Point web UI allows authentication using a local system account (instead of the dedicated web-only user).
Ссылки
- Mailing ListThird Party Advisory
- Vendor Advisory
- Vendor Advisory
- Mailing ListThird Party Advisory
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 1.2.9.15 (исключая)
Одновременно
cpe:2.3:o:watchguard:ap200_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:ap200:-:*:*:*:*:*:*:*
Конфигурация 2Версия до 1.2.9.15 (исключая)
Одновременно
cpe:2.3:o:watchguard:ap102_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:ap102:-:*:*:*:*:*:*:*
Конфигурация 3Версия до 1.2.9.15 (исключая)
Одновременно
cpe:2.3:o:watchguard:ap100_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:ap100:-:*:*:*:*:*:*:*
EPSS
Процентиль: 48%
0.00252
Низкий
7.8 High
CVSS3
4.6 Medium
CVSS2
Дефекты
CWE-287
Связанные уязвимости
CVSS3: 7.8
github
больше 3 лет назад
An issue was discovered on WatchGuard AP100, AP102, and AP200 devices with firmware before 1.2.9.15. Improper authentication handling by the native Access Point web UI allows authentication using a local system account (instead of the dedicated web-only user).
EPSS
Процентиль: 48%
0.00252
Низкий
7.8 High
CVSS3
4.6 Medium
CVSS2
Дефекты
CWE-287