Vulnerabilities > Watchguard

DATE CVE VULNERABILITY TITLE RISK
2020-03-12 CVE-2020-10532 Cleartext Storage of Sensitive Information vulnerability in Watchguard AD Helper Firmware
The AD Helper component in WatchGuard Fireware before 5.8.5.10317 allows remote attackers to discover cleartext passwords via the /domains/list URI.
network
low complexity
watchguard CWE-312
5.0
2020-02-07 CVE-2014-6413 Cross-Site Scripting vulnerability in Watchguard Fireware XTM 11.8.3
A Cross-site Scripting (XSS) vulnerability exists in WatchGuard XTM 11.8.3 via the poll_name parameter in the firewall/policy script.
network
watchguard CWE-79
4.3
2020-01-07 CVE-2019-18652 Cross-Site Scripting vulnerability in Watchguard Xmt515 Firmware 12.3
A DOM based XSS vulnerability has been identified on the WatchGuard XMT515 through 12.1.3, allowing a remote attacker to execute JavaScript in the victim's browser by tricking the victim into clicking on a crafted link.
network
watchguard CWE-79
4.3
2019-08-23 CVE-2016-6154 Cross-Site Scripting vulnerability in Watchguard Fireware
The authentication applet in Watchguard Fireware 11.11 Operating System has reflected XSS (this can also cause an open redirect).
5.8
2018-05-02 CVE-2018-10578 Improper Input Validation vulnerability in Watchguard products
An issue was discovered on WatchGuard AP100, AP102, and AP200 devices with firmware before 1.2.9.15, and AP300 devices with firmware before 2.0.0.10.
network
low complexity
watchguard CWE-20
7.5
2018-05-02 CVE-2018-10577 Unrestricted Upload of File With Dangerous Type vulnerability in Watchguard products
An issue was discovered on WatchGuard AP100, AP102, and AP200 devices with firmware before 1.2.9.15, and AP300 devices with firmware before 2.0.0.10.
network
low complexity
watchguard CWE-434
critical
9.0
2018-04-30 CVE-2018-10576 Improper Authentication vulnerability in Watchguard Ap100 Firmware, Ap102 Firmware and Ap200 Firmware
An issue was discovered on WatchGuard AP100, AP102, and AP200 devices with firmware before 1.2.9.15.
local
low complexity
watchguard CWE-287
4.6
2018-04-30 CVE-2018-10575 USE of Hard-Coded Credentials vulnerability in Watchguard Ap100 Firmware, Ap102 Firmware and Ap200 Firmware
An issue was discovered on WatchGuard AP100, AP102, and AP200 devices with firmware before 1.2.9.15.
network
low complexity
watchguard CWE-798
7.5
2017-10-23 CVE-2015-2878 Cross-Site Request Forgery (CSRF) vulnerability in Watchguard Hawkeye G 3.0.1.4912
Multiple cross-site request forgery (CSRF) vulnerabilities in Hexis HawkEye G 3.0.1.4912 allow remote attackers to hijack the authentication of administrators for requests that (1) add arbitrary accounts via the name parameter to interface/rest/accounts/json; turn off the (2) Url matching, (3) DNS Inject, or (4) IP Redirect Sensor in a request to interface/rest/dpi/setEnabled/1; or (5) perform whitelisting of malware MD5 hash IDs via the id parameter to interface/rest/md5-threats/whitelist.
6.8
2017-09-20 CVE-2017-14616 Resource Exhaustion vulnerability in Watchguard Fireware
An FBX-5312 issue was discovered in WatchGuard Fireware before 12.0.
network
low complexity
watchguard CWE-400
7.8