CVE-2022-26318

CRITICAL KEV

WatchGuard XTM Firebox Unauthenticated Remote Command Execution

Title source: metasploit

Description

On WatchGuard Firebox and XTM appliances, an unauthenticated user can execute arbitrary code, aka FBX-22786. This vulnerability impacts Fireware OS before 12.7.2_U2, 12.x before 12.1.3_U8, and 12.2.x through 12.5.x before 12.5.9_U2.

Exploits (6)

nomisec WORKING POC 10 stars

by misterxid · remote

https://github.com/misterxid/watchguard_cve-2022-26318

View Code ZIP pw:eip

nomisec WORKING POC 3 stars

by h3llk4t3 · remote

https://github.com/h3llk4t3/Watchguard-RCE-POC-CVE-2022-26318

View Code ZIP pw:eip

nomisec WORKING POC 2 stars

by BabyTeam1024 · poc

https://github.com/BabyTeam1024/CVE-2022-26318

View Code ZIP pw:eip

nomisec WORKING POC

by egilas · remote

https://github.com/egilas/Watchguard-RCE-POC-CVE-2022-26318

View Code ZIP pw:eip

inthewild

poc

https://github.com/throns1956/watchguard_cve-2022-26318

View on inthewild

metasploit WORKING POC GOOD

rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/watchguard_firebox_unauth_rce_cve_2022_26318.rb

View Code ZIP pw:eip

References (2)

[Release Notes, Vendor Advisory] https://www.watchguard.com/support/release-notes/fireware/12/en-US/EN_ReleaseNotes_Fireware_12_7_2/index.html#Fireware/en-US/resolved_issues.html

[US Government Resource] https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-26318

Scores

CVSS v3 9.8

EPSS 0.9223

EPSS Percentile 99.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CISA KEV 2022-03-25

VulnCheck KEV 2022-03-17

InTheWild.io 2022-03-25

ENISA EUVD EUVD-2022-30879

Status published

Products (4)

watchguard/fireware 12.1.3 (8 CPE variants)

watchguard/fireware 12.5.9 u1

watchguard/fireware 12.7.2 u1

watchguard/fireware 12.0.0 - 12.1.3

Published Mar 04, 2022

KEV Added Mar 25, 2022

Tracked Since Feb 18, 2026