CVE-2018-10577

moderate-risk
Published 2018-05-02

An issue was discovered on WatchGuard AP100, AP102, and AP200 devices with firmware before 1.2.9.15, and AP300 devices with firmware before 2.0.0.10. File upload functionality allows any users authenticated on the web interface to upload files containing code to the web root, allowing these files to be executed as root.

Do I need to act?

~
3.5% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
!
1 public exploit available
45409
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
8
CVSS 8.8/10 High
NETWORK / LOW complexity

Affected Products (4)

Ap200 Firmware
Ap102 Firmware
Ap100 Firmware
Ap300 Firmware

Affected Vendors

Watchguard

References (4)

Mailing List http://seclists.org/fulldisclosure/2018/May/12
https://www.exploit-db.com/exploits/45409/
Mailing List http://seclists.org/fulldisclosure/2018/May/12
https://www.exploit-db.com/exploits/45409/
47
/ 100
moderate-risk
Severity 30/34 · Critical
Exploitability 7/34 · Low
Exposure 10/34 · Low