CVE-2018-10578 – Watchguard Hard-Coded Credentials / Failed Controls
https://notcve.org/view.php?id=CVE-2018-10578
An issue was discovered on WatchGuard AP100, AP102, and AP200 devices with firmware before 1.2.9.15, and AP300 devices with firmware before 2.0.0.10. Incorrect validation of the "old password" field in the change password form allows an attacker to bypass validation of this field. Se ha descubierto un problema en los dispositivos WatchGuard AP100, AP102 y AP200 con firmware en versiones anteriores a la 1.2.9.15 y en los dispositivos AP300 con firmware en versiones anteriores a la 2.0.0.10. La validación del campo "old password" en el formulario de cambio de contraseña permite que un atacante omita la validación de este campo. WatchGuard Access Points running firmware before version 1.2.9.15 suffer from hard-coded credential, hidden authentication, file upload, and incorrect validation vulnerabilities. • http://seclists.org/fulldisclosure/2018/May/12 • CWE-20: Improper Input Validation •
CVE-2018-10577 – Watchguard AP100 AP102 AP200 1.2.9.15 - Remote Code Execution
https://notcve.org/view.php?id=CVE-2018-10577
An issue was discovered on WatchGuard AP100, AP102, and AP200 devices with firmware before 1.2.9.15, and AP300 devices with firmware before 2.0.0.10. File upload functionality allows any users authenticated on the web interface to upload files containing code to the web root, allowing these files to be executed as root. Se ha descubierto un problema en los dispositivos WatchGuard AP100, AP102 y AP200 con firmware en versiones anteriores a la 1.2.9.15 y en los dispositivos AP300 con firmware en versiones anteriores a la 2.0.0.10. La funcionalidad de subida de archivos permite que cualquier usuario autenticado en la interfaz web suba archivos que contienen código al root web, lo que permite que estos archivos se ejecuten como root. WatchGuard Access Points running firmware before version 1.2.9.15 suffer from hard-coded credential, hidden authentication, file upload, and incorrect validation vulnerabilities. • https://www.exploit-db.com/exploits/45409 http://seclists.org/fulldisclosure/2018/May/12 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2018-10575 – Watchguard AP100 AP102 AP200 1.2.9.15 - Remote Code Execution
https://notcve.org/view.php?id=CVE-2018-10575
An issue was discovered on WatchGuard AP100, AP102, and AP200 devices with firmware before 1.2.9.15. Hardcoded credentials exist for an unprivileged SSH account with a shell of /bin/false. Se ha descubierto un problema en los dispositivos WatchGuard AP100, AP102 y AP200 con firmware en versiones anteriores a la 1.2.9.15. Existen credenciales embebidas para una cuenta SSH no privilegiada con un shell de /bin/false. WatchGuard Access Points running firmware before version 1.2.9.15 suffer from hard-coded credential, hidden authentication, file upload, and incorrect validation vulnerabilities. • https://www.exploit-db.com/exploits/45409 http://seclists.org/fulldisclosure/2018/May/12 https://watchguardsupport.secure.force.com/publicKB?type=KBSecurityIssues&SFDCID=kA62A0000000LIy https://www.watchguard.com/wgrd-blog/new-firmware-available-ap100ap102ap200ap300-security-vulnerability-fixes • CWE-798: Use of Hard-coded Credentials •
CVE-2018-10576 – Watchguard AP100 AP102 AP200 1.2.9.15 - Remote Code Execution
https://notcve.org/view.php?id=CVE-2018-10576
An issue was discovered on WatchGuard AP100, AP102, and AP200 devices with firmware before 1.2.9.15. Improper authentication handling by the native Access Point web UI allows authentication using a local system account (instead of the dedicated web-only user). Se ha descubierto un problema en los dispositivos WatchGuard AP100, AP102 y AP200 con firmware en versiones anteriores a la 1.2.9.15. La gestión de autenticación incorrecta por parte de la interfaz web de usuario de Access Point permite la autenticación por medio de una cuenta del sistema local (en lugar de un usuario dedicado exclusivo de la web). WatchGuard Access Points running firmware before version 1.2.9.15 suffer from hard-coded credential, hidden authentication, file upload, and incorrect validation vulnerabilities. • https://www.exploit-db.com/exploits/45409 http://seclists.org/fulldisclosure/2018/May/12 https://watchguardsupport.secure.force.com/publicKB?type=KBSecurityIssues&SFDCID=kA62A0000000LIy https://www.watchguard.com/wgrd-blog/new-firmware-available-ap100ap102ap200ap300-security-vulnerability-fixes • CWE-287: Improper Authentication •
CVE-2015-2878 – Hawkeye-G 3.0.1.4912 - Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-2015-2878
Multiple cross-site request forgery (CSRF) vulnerabilities in Hexis HawkEye G 3.0.1.4912 allow remote attackers to hijack the authentication of administrators for requests that (1) add arbitrary accounts via the name parameter to interface/rest/accounts/json; turn off the (2) Url matching, (3) DNS Inject, or (4) IP Redirect Sensor in a request to interface/rest/dpi/setEnabled/1; or (5) perform whitelisting of malware MD5 hash IDs via the id parameter to interface/rest/md5-threats/whitelist. Múltiples vulnerabilidades Cross-Site Request Forgery (CSRF) en Hexis HawkEye G 3.0.1.4912 permiten que atacantes remotos secuestren la autenticación de administradores para peticiones que (1) añadan cuentas arbitrarias mediante el parámetro name en interface/rest/accounts/json; deshabilitar (2) la concordancia de URL, (3) la inyección DNS, o (4) el sensor de redirección de IP en una petición a interface/rest/dpi/setEnabled/1; o (5) listar los ID de los hashes MD5 de malware en listas blancas mediante el parámetro id en interface/rest/md5-threats/whitelist. • https://www.exploit-db.com/exploits/37686 http://www.securityfocus.com/archive/1/536074/100/0/threaded http://www.securityfocus.com/archive/1/536076/100/0/threaded • CWE-352: Cross-Site Request Forgery (CSRF) •