CVE-2018-10576

HIGH

WatchGuard AP100-AP200 <1.2.9.15 - Auth Bypass

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-10576. PoCs published by Stephen Shkardoon.

AI-analyzed exploit summary This Metasploit module exploits a backdoor account in Watchguard AP devices to authenticate, upload a malicious payload, and execute it via a Lua script, resulting in remote code execution.

Description

An issue was discovered on WatchGuard AP100, AP102, and AP200 devices with firmware before 1.2.9.15. Improper authentication handling by the native Access Point web UI allows authentication using a local system account (instead of the dedicated web-only user).

Exploits (1)

exploitdb WORKING POC
by Stephen Shkardoon · rubywebappslinux
https://www.exploit-db.com/exploits/45409

This Metasploit module exploits a backdoor account in Watchguard AP devices to authenticate, upload a malicious payload, and execute it via a Lua script, resulting in remote code execution.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Watchguard AP devices
Auth required
Prerequisites: Network access to the target device · Valid credentials (default or known)
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Mailing List, Third Party Advisory mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2018/May/12
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/45409/

Scores

CVSS v3 7.8
EPSS 0.0025
EPSS Percentile 49.0%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-287
Status published
Products (3)
watchguard/ap100_firmware < 1.2.9.15
watchguard/ap102_firmware < 1.2.9.15
watchguard/ap200_firmware < 1.2.9.15
Published Apr 30, 2018
Tracked Since Feb 18, 2026