CVE-2021-26102

CRITICAL

FortiWAN 4.4.0-4.5.7 - Unauthenticated Path Traversal via Crafted POST Request

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2021-26102. PoCs published by SleepyCofe.

AI-analyzed exploit summary The PoC exploits an authentication bypass vulnerability in FortiWAN by sending a crafted POST request to delete the admin password file, resetting credentials to default (Administrator:1234). It demonstrates the vulnerability by leveraging a path traversal flaw in the login.php script.

Description

A relative path traversal vulnerability (CWE-23) in FortiWAN version 4.5.7 and below, 4.4 all versions may allow a remote non-authenticated attacker to delete files on the system by sending a crafted POST request. In particular, deleting specific configuration files will reset the Admin password to its default value.

Exploits (1)

nomisec WORKING POC 8 stars
by SleepyCofe · poc
https://github.com/SleepyCofe/CVE-2021-26102

The PoC exploits an authentication bypass vulnerability in FortiWAN by sending a crafted POST request to delete the admin password file, resetting credentials to default (Administrator:1234). It demonstrates the vulnerability by leveraging a path traversal flaw in the login.php script.

Classification
Working Poc 95%
Attack Type
Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target: FortiWAN (version not specified)
No auth needed
Prerequisites: Network access to the target FortiWAN device
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (1)

Core 1
Core References

Scores

CVSS v3 9.8
EPSS 0.1636
EPSS Percentile 96.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact total

Details

CWE
CWE-22 CWE-305
Status published
Products (1)
fortinet/fortiwan 4.4.0 - 4.5.8
Published Dec 19, 2024
Tracked Since Feb 18, 2026