Vulnerabilities > Watchguard
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-03-12 | CVE-2020-10532 | Cleartext Storage of Sensitive Information vulnerability in Watchguard AD Helper Firmware The AD Helper component in WatchGuard Fireware before 5.8.5.10317 allows remote attackers to discover cleartext passwords via the /domains/list URI. | 5.0 |
| 2020-02-07 | CVE-2014-6413 | Cross-site Scripting vulnerability in Watchguard Fireware XTM 11.8.3 A Cross-site Scripting (XSS) vulnerability exists in WatchGuard XTM 11.8.3 via the poll_name parameter in the firewall/policy script. | 4.3 |
| 2020-01-07 | CVE-2019-18652 | Cross-site Scripting vulnerability in Watchguard Xmt515 Firmware 12.3 A DOM based XSS vulnerability has been identified on the WatchGuard XMT515 through 12.1.3, allowing a remote attacker to execute JavaScript in the victim's browser by tricking the victim into clicking on a crafted link. | 4.3 |
| 2019-08-23 | CVE-2016-6154 | Cross-site Scripting vulnerability in Watchguard Fireware The authentication applet in Watchguard Fireware 11.11 Operating System has reflected XSS (this can also cause an open redirect). | 5.8 |
| 2018-05-02 | CVE-2018-10578 | Improper Input Validation vulnerability in Watchguard products An issue was discovered on WatchGuard AP100, AP102, and AP200 devices with firmware before 1.2.9.15, and AP300 devices with firmware before 2.0.0.10. | 7.5 |
| 2018-05-02 | CVE-2018-10577 | Unrestricted Upload of File with Dangerous Type vulnerability in Watchguard products An issue was discovered on WatchGuard AP100, AP102, and AP200 devices with firmware before 1.2.9.15, and AP300 devices with firmware before 2.0.0.10. | 9.0 |
| 2018-04-30 | CVE-2018-10576 | Improper Authentication vulnerability in Watchguard Ap100 Firmware, Ap102 Firmware and Ap200 Firmware An issue was discovered on WatchGuard AP100, AP102, and AP200 devices with firmware before 1.2.9.15. | 4.6 |
| 2018-04-30 | CVE-2018-10575 | Use of Hard-coded Credentials vulnerability in Watchguard Ap100 Firmware, Ap102 Firmware and Ap200 Firmware An issue was discovered on WatchGuard AP100, AP102, and AP200 devices with firmware before 1.2.9.15. | 7.5 |
| 2017-10-23 | CVE-2015-2878 | Cross-Site Request Forgery (CSRF) vulnerability in Watchguard Hawkeye G 3.0.1.4912 Multiple cross-site request forgery (CSRF) vulnerabilities in Hexis HawkEye G 3.0.1.4912 allow remote attackers to hijack the authentication of administrators for requests that (1) add arbitrary accounts via the name parameter to interface/rest/accounts/json; turn off the (2) Url matching, (3) DNS Inject, or (4) IP Redirect Sensor in a request to interface/rest/dpi/setEnabled/1; or (5) perform whitelisting of malware MD5 hash IDs via the id parameter to interface/rest/md5-threats/whitelist. | 6.8 |
| 2017-09-20 | CVE-2017-14616 | Resource Exhaustion vulnerability in Watchguard Fireware An FBX-5312 issue was discovered in WatchGuard Fireware before 12.0. | 7.8 |