CVE-2018-10575 Information

Description

An issue was discovered on WatchGuard AP100, AP102, and AP200 devices with firmware before 1.2.9.15. Hardcoded credentials exist for an unprivileged SSH account with a shell of /bin/false.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Reference

http://seclists.org/fulldisclosure/2018/May/12
https://watchguardsupport.secure.force.com/publicKB?type=KBSecurityIssues&SFDCID=kA62A0000000LIy
https://www.exploit-db.com/exploits/45409/
https://www.watchguard.com/wgrd-blog/new-firmware-available-ap100ap102ap200ap300-security-vulnerability-fixes

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

9.8

Base Severity

HIGH
