CVE-2018-10577

HIGH

WatchGuard AP100-AP200/AP300 <1.2.9.15/<2.0.0.10 - RCE

Title source: llm

Description

An issue was discovered on WatchGuard AP100, AP102, and AP200 devices with firmware before 1.2.9.15, and AP300 devices with firmware before 2.0.0.10. File upload functionality allows any users authenticated on the web interface to upload files containing code to the web root, allowing these files to be executed as root.

Exploits (1)

exploitdb WORKING POC

by Stephen Shkardoon · rubywebappslinux

https://www.exploit-db.com/exploits/45409

View Code ZIP pw:eip

References (2)

[Mailing List, Third Party Advisory] http://seclists.org/fulldisclosure/2018/May/12

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/45409/

Scores

CVSS v3 8.8

EPSS 0.0346

EPSS Percentile 87.6%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-434

Status published

Products (4)

watchguard/ap100_firmware < 1.2.9.15

watchguard/ap102_firmware < 1.2.9.15

watchguard/ap200_firmware < 1.2.9.15

watchguard/ap300_firmware < 2.0.0.10

Published May 02, 2018

Tracked Since Feb 18, 2026