Vulnerabilities > Watchguard

DATE | CVE | VULNERABILITY TITLE | RISK

2018-05-02 | CVE-2018-10577 | Unrestricted Upload of File with Dangerous Type vulnerability in Watchguard products | critical 9.0
An issue was discovered on WatchGuard AP100, AP102, and AP200 devices with firmware before 1.2.9.15, and AP300 devices with firmware before 2.0.0.10.
network, low complexity, watchguard CWE-434

2018-04-30 | CVE-2018-10576 | Improper Authentication vulnerability in Watchguard Ap100 Firmware, Ap102 Firmware and Ap200 Firmware | 4.6
An issue was discovered on WatchGuard AP100, AP102, and AP200 devices with firmware before 1.2.9.15.
local, low complexity, watchguard CWE-287

2018-04-30 | CVE-2018-10575 | Use of Hard-coded Credentials vulnerability in Watchguard Ap100 Firmware, Ap102 Firmware and Ap200 Firmware | 7.5
An issue was discovered on WatchGuard AP100, AP102, and AP200 devices with firmware before 1.2.9.15.
network, low complexity, watchguard CWE-798

2017-10-23 | CVE-2015-2878 | Cross-Site Request Forgery (CSRF) vulnerability in Watchguard Hawkeye G 3.0.1.4912 | 6.8
Multiple cross-site request forgery (CSRF) vulnerabilities in Hexis HawkEye G 3.0.1.4912 allow remote attackers to hijack the authentication of administrators for requests that (1) add arbitrary accounts via the name parameter to interface/rest/accounts/json; turn off the (2) Url matching, (3) DNS Inject, or (4) IP Redirect Sensor in a request to interface/rest/dpi/setEnabled/1; or (5) perform whitelisting of malware MD5 hash IDs via the id parameter to interface/rest/md5-threats/whitelist.

2017-09-20 | CVE-2017-14616 | Resource Exhaustion vulnerability in Watchguard Fireware | 7.8
An FBX-5312 issue was discovered in WatchGuard Fireware before 12.0.
network, low complexity, watchguard CWE-400

2017-09-20 | CVE-2017-14615 | Cross-site Scripting vulnerability in Watchguard Fireware | 4.3
An FBX-5313 issue was discovered in WatchGuard Fireware before 12.0.
network, watchguard CWE-79

2017-05-05 | CVE-2017-8060 | Improper Certificate Validation vulnerability in Watchguard Panda Mobile Security 1.1 | 5.9
Acceptance of invalid/self-signed TLS certificates in "Panda Mobile Security" 1.1 for iOS allows a man-in-the-middle and/or physically proximate attacker to silently intercept information sent during the login API call.
network, high complexity, watchguard CWE-295

2017-04-30 | CVE-2017-8339 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Watchguard Panda Antivirus 18.0 | 4.9
PSKMAD.sys in Panda Free Antivirus 18.0 allows local users to cause a denial of service (BSoD) via a crafted DeviceIoControl request to \\.\PSMEMDriver.
local, low complexity, watchguard CWE-119

2017-04-22 | CVE-2017-8056 | XXE vulnerability in Watchguard Fireware 11.0.2/11.1 | 5.0
WatchGuard Fireware v11.12.1 and earlier mishandles requests referring to an XML External Entity (XXE), in the XML-RPC agent.
network, low complexity, watchguard CWE-611

2017-04-22 | CVE-2017-8055 | Information Exposure Through Discrepancy vulnerability in Watchguard Fireware 11.0.2/11.1 | 5.0
WatchGuard Fireware allows user enumeration, e.g., in the Firebox XML-RPC login handler.
network, low complexity, watchguard CWE-203