CVE-2018-10577

HIGH

WatchGuard AP100-AP200/AP300 <1.2.9.15/<2.0.0.10 - RCE

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-10577. PoCs published by Stephen Shkardoon.

AI-analyzed exploit summary This Metasploit module exploits a backdoor account in Watchguard AP devices to authenticate, upload a malicious payload, and execute it via a Lua script, resulting in remote code execution.

Description

An issue was discovered on WatchGuard AP100, AP102, and AP200 devices with firmware before 1.2.9.15, and AP300 devices with firmware before 2.0.0.10. File upload functionality allows any users authenticated on the web interface to upload files containing code to the web root, allowing these files to be executed as root.

Exploits (1)

exploitdb WORKING POC
by Stephen Shkardoon · rubywebappslinux
https://www.exploit-db.com/exploits/45409

This Metasploit module exploits a backdoor account in Watchguard AP devices to authenticate, upload a malicious payload, and execute it via a Lua script, resulting in remote code execution.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Watchguard AP devices
Auth required
Prerequisites: Network access to the target device · Valid credentials (default or known)
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2
Core References
Mailing List, Third Party Advisory mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2018/May/12
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/45409/

Scores

CVSS v3 8.8
EPSS 0.0346
EPSS Percentile 87.8%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-434
Status published
Products (4)
watchguard/ap100_firmware < 1.2.9.15
watchguard/ap102_firmware < 1.2.9.15
watchguard/ap200_firmware < 1.2.9.15
watchguard/ap300_firmware < 2.0.0.10
Published May 02, 2018
Tracked Since Feb 18, 2026