CVE-2018-10577
Last modified
CVE-2018-10577 is a vulnerability of currently unknown severity. An issue was discovered on WatchGuard AP100, AP102, and AP200 devices with firmware before 1.2.9.15, and AP300 devices with firmware before 2.0.0.10. File upload functionality allows any users authenticated on the web interface to upload files containing code to the web root, allowing these files to be executed as root.. EPSS estimates a 6.59% chance of exploitation in the next 30 days.
Description
An issue was discovered on WatchGuard AP100, AP102, and AP200 devices with firmware before 1.2.9.15, and AP300 devices with firmware before 2.0.0.10. File upload functionality allows any users authenticated on the web interface to upload files containing code to the web root, allowing these files to be executed as root.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Watchguard | Ap200 Firmware | < 1.2.9.15 |
| Watchguard | Ap102 Firmware | < 1.2.9.15 |
| Watchguard | Ap100 Firmware | < 1.2.9.15 |
| Watchguard | Ap300 Firmware | < 2.0.0.10 |
References
- http://seclists.org/fulldisclosure/2018/May/12Mailing List, Third Party Advisory
- http://seclists.org/fulldisclosure/2018/May/12Mailing List, Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2018-10577?
How severe is CVE-2018-10577?
How do I fix CVE-2018-10577?
Are you affected by CVE-2018-10577?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST