What is the vulnerability ID of this issue?

The vulnerability ID of this issue is CVE-2018-10578.

What is the severity level of CVE-2018-10578?

The severity level of CVE-2018-10578 is critical with a score of 9.8 out of 10.

What is the impact of CVE-2018-10578?

The vulnerability allows an attacker to bypass validation of the "old password" field in the change password form.

Is there a fix available for CVE-2018-10578?

Yes, upgrading the firmware to version 1.2.9.15 for AP100, AP102, and AP200 devices, and version 2.0.0.10 for AP300 devices resolves the vulnerability.

Vulnerability/
CVE-2018-10578

critical

9.8

CWE

2/5/2018

5/8/2024

CVE-2018-10578: Input Validation

First published: Wed May 02 2018(Updated: )

An issue was discovered on WatchGuard AP100, AP102, and AP200 devices with firmware before 1.2.9.15, and AP300 devices with firmware before 2.0.0.10. Incorrect validation of the "old password" field in the change password form allows an attacker to bypass validation of this field.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Watchguard Ap200 Firmware	<1.2.9.15
Watchguard Ap200
Watchguard Ap102 Firmware	<1.2.9.15
Watchguard Ap102
Watchguard Ap100 Firmware	<1.2.9.15
WatchGuard AP100
Watchguard Ap300 Firmware	<2.0.0.10
Watchguard Ap300

Never miss a vulnerability like this again

Reference Links

http://seclists.org/fulldisclosure/2018/May/12

Frequently Asked Questions

What is the vulnerability ID of this issue?
The vulnerability ID of this issue is CVE-2018-10578.
What is the severity level of CVE-2018-10578?
The severity level of CVE-2018-10578 is critical with a score of 9.8 out of 10.
Which WatchGuard devices and firmware versions are affected by CVE-2018-10578?
WatchGuard AP100, AP102, and AP200 devices with firmware before 1.2.9.15, and AP300 devices with firmware before 2.0.0.10 are affected.
What is the impact of CVE-2018-10578?
The vulnerability allows an attacker to bypass validation of the "old password" field in the change password form.
Is there a fix available for CVE-2018-10578?
Yes, upgrading the firmware to version 1.2.9.15 for AP100, AP102, and AP200 devices, and version 2.0.0.10 for AP300 devices resolves the vulnerability.

collector/nvd-index
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/severity
agent/references
agent/weakness
agent/author
agent/tags
agent/first-publish-date
agent/event
agent/description
vendor/watchguard
canonical/watchguard ap200 firmware
canonical/watchguard ap200
canonical/watchguard ap102 firmware
canonical/watchguard ap102
canonical/watchguard ap100 firmware
canonical/watchguard ap100
canonical/watchguard ap300 firmware
canonical/watchguard ap300

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.