Fortinet

Fortiwlc

13 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.7

CVE-2021-22126

  • EPSS 0.02%
  • Published 17.03.2025 13:05:55
  • Last modified 24.07.2025 20:16:08

A use of hard-coded password vulnerability in FortiWLC version 8.5.2 and below, version 8.4.8 and below, version 8.3.3 to 8.3.2, version 8.2.7 to 8.2.6 may allow a local, authenticated attacker to connect to the managed Access Point (Meru AP and Fort...

5.3

CVE-2021-32584

  • EPSS 0.06%
  • Published 17.03.2025 13:05:44
  • Last modified 24.07.2025 20:17:07

An improper access control (CWE-284) vulnerability in FortiWLC version 8.6.0, version 8.5.3 and below, version 8.4.8 and below, version 8.3.3 and below, version 8.2.7 to 8.2.4, version 8.1.3 may allow an unauthenticated and remote attacker to access ...

6.1

CVE-2021-26087

  • EPSS 0.03%
  • Published 17.03.2025 13:05:19
  • Last modified 24.07.2025 20:16:57

An improper neutralization of input during web page generation in FortiWLC version 8.6.0, version 8.5.3 and below, version 8.4.8 and below, version 8.3.3 web interface may allow both authenticated remote attackers and non-authenticated attackers in t...

6.1

CVE-2022-23439

  • EPSS 0.06%
  • Published 22.01.2025 10:15:07
  • Last modified 12.02.2025 13:39:42

A externally controlled reference to a resource in another sphere in Fortinet FortiManager before version 7.4.3, FortiMail before version 7.0.3, FortiAnalyzer before version 7.4.3, FortiVoice version 7.0.0, 7.0.1 and before 6.4.8, FortiProxy before v...

6.5

CVE-2021-26093

  • EPSS 0.04%
  • Published 19.12.2024 08:15:14
  • Last modified 21.01.2025 20:44:31

An access of uninitialized pointer (CWE-824) vulnerability in FortiWLC versions 8.6.0, 8.5.3 and earlier may allow a local and authenticated attacker to crash the access point being managed by the controller by executing a crafted CLI command.

9

CVE-2021-42758

  • EPSS 0.25%
  • Published 08.12.2021 11:15:11
  • Last modified 21.11.2024 06:28:06

An improper access control vulnerability [CWE-284] in FortiWLC 8.6.1 and below may allow an authenticated and remote attacker with low privileges to execute any command as an admin user with full access rights via bypassing the GUI restrictions.

5.4

CVE-2020-9288

  • EPSS 0.2%
  • Published 22.06.2020 16:15:12
  • Last modified 21.11.2024 05:40:21

An improper neutralization of input vulnerability in FortiWLC 8.5.1 allows a remote authenticated attacker to perform a stored cross site scripting attack (XSS) via the ESS profile or the Radius Profile.

10

CVE-2017-17539

  • EPSS 0.42%
  • Published 08.05.2018 04:29:00
  • Last modified 21.11.2024 03:18:07

The presence of a hardcoded account in Fortinet FortiWLC 7.0.11 and earlier allows attackers to gain unauthorized read/write access via a remote shell.

10

CVE-2017-17540

  • EPSS 0.42%
  • Published 08.05.2018 04:29:00
  • Last modified 21.11.2024 03:18:07

The presence of a hardcoded account in Fortinet FortiWLC 8.3.3 allows attackers to gain unauthorized read/write access via a remote shell.

5.4

CVE-2017-7335

  • EPSS 0.25%
  • Published 26.10.2017 13:29:00
  • Last modified 20.04.2025 01:37:25

A Cross-Site Scripting (XSS) vulnerability in Fortinet FortiWLC 6.1-x (6.1-2, 6.1-4 and 6.1-5); 7.0-x (7.0-7, 7.0-8, 7.0-9, 7.0-10); and 8.x (8.0, 8.1, 8.2 and 8.3.0-8.3.2) allows an authenticated user to inject arbitrary web script or HTML via non-s...