CVE-2021-22126
- EPSS 0.02%
- Published 17.03.2025 13:05:55
- Last modified 24.07.2025 20:16:08
A use of hard-coded password vulnerability in FortiWLC version 8.5.2 and below, version 8.4.8 and below, version 8.3.3 to 8.3.2, version 8.2.7 to 8.2.6 may allow a local, authenticated attacker to connect to the managed Access Point (Meru AP and Fort...
CVE-2021-32584
- EPSS 0.06%
- Published 17.03.2025 13:05:44
- Last modified 24.07.2025 20:17:07
An improper access control (CWE-284) vulnerability in FortiWLC version 8.6.0, version 8.5.3 and below, version 8.4.8 and below, version 8.3.3 and below, version 8.2.7 to 8.2.4, version 8.1.3 may allow an unauthenticated and remote attacker to access ...
CVE-2021-26087
- EPSS 0.03%
- Published 17.03.2025 13:05:19
- Last modified 24.07.2025 20:16:57
An improper neutralization of input during web page generation in FortiWLC version 8.6.0, version 8.5.3 and below, version 8.4.8 and below, version 8.3.3 web interface may allow both authenticated remote attackers and non-authenticated attackers in t...
CVE-2022-23439
- EPSS 0.06%
- Published 22.01.2025 10:15:07
- Last modified 12.02.2025 13:39:42
An externally controlled reference to a resource in another sphere in Fortinet FortiManager before version 7.4.3, FortiMail before version 7.0.3, FortiAnalyzer before version 7.4.3, FortiVoice version 7.0.0, 7.0.1 and before 6.4.8, FortiProxy before v...
CVE-2021-26093
- EPSS 0.04%
- Published 19.12.2024 08:15:14
- Last modified 21.01.2025 20:44:31
An access of uninitialized pointer (CWE-824) vulnerability in FortiWLC versions 8.6.0, 8.5.3 and earlier may allow a local and authenticated attacker to crash the access point being managed by the controller by executing a crafted CLI command.
- EPSS 0.25%
- Published 08.12.2021 11:15:11
- Last modified 21.11.2024 06:28:06
An improper access control vulnerability [CWE-284] in FortiWLC 8.6.1 and below may allow an authenticated and remote attacker with low privileges to execute any command as an admin user with full access rights via bypassing the GUI restrictions.
CVE-2020-9288
- EPSS 0.2%
- Published 22.06.2020 16:15:12
- Last modified 21.11.2024 05:40:21
An improper neutralization of input vulnerability in FortiWLC 8.5.1 allows a remote authenticated attacker to perform a stored cross site scripting attack (XSS) via the ESS profile or the Radius Profile.
- EPSS 0.42%
- Published 08.05.2018 04:29:00
- Last modified 21.11.2024 03:18:07
The presence of a hardcoded account in Fortinet FortiWLC 7.0.11 and earlier allows attackers to gain unauthorized read/write access via a remote shell.
- EPSS 0.42%
- Published 08.05.2018 04:29:00
- Last modified 21.11.2024 03:18:07
The presence of a hardcoded account in Fortinet FortiWLC 8.3.3 allows attackers to gain unauthorized read/write access via a remote shell.
CVE-2017-7335
- EPSS 0.25%
- Published 26.10.2017 13:29:00
- Last modified 20.04.2025 01:37:25
A Cross-Site Scripting (XSS) vulnerability in Fortinet FortiWLC 6.1-x (6.1-2, 6.1-4 and 6.1-5); 7.0-x (7.0-7, 7.0-8, 7.0-9, 7.0-10); and 8.x (8.0, 8.1, 8.2 and 8.3.0-8.3.2) allows an authenticated user to inject arbitrary web script or HTML via non-s...