Shodan
Vulnerabilities
Vulnerable Software
Fortinet:  >> Fortiwlc  >> 8.2-4-0  Security Vulnerabilities
CVE-2021-32584
An improper access control (CWE-284) vulnerability in FortiWLC version 8.6.0, version 8.5.3 and below, version 8.4.8 and below, version 8.3.3 and below, version 8.2.7 to 8.2.4, version 8.1.3 may allow an unauthenticated and remote attacker to access certain areas of the web management CGI functionality by just specifying the correct URL. The vulnerability applies only to limited CGI resources and might allow the unauthorized party to access configuration details.
CVSS Score
5.3
EPSS Score
0.001
Published
2025-03-17
CVE-2021-26093
An access of uninitialized pointer (CWE-824) vulnerability in FortiWLC versions 8.6.0, 8.5.3 and earlier may allow a local and authenticated attacker to crash the access point being managed by the controller by executing a crafted CLI command.
CVSS Score
7.3
EPSS Score
0.0
Published
2024-12-19
CVE-2020-9288
An improper neutralization of input vulnerability in FortiWLC 8.5.1 allows a remote authenticated attacker to perform a stored cross site scripting attack (XSS) via the ESS profile or the Radius Profile.
CVSS Score
5.4
EPSS Score
0.002
Published
2020-06-22
CVE-2017-17539
The presence of a hardcoded account in Fortinet FortiWLC 7.0.11 and earlier allows attackers to gain unauthorized read/write access via a remote shell.
CVSS Score
9.8
EPSS Score
0.004
Published
2018-05-08
CVE-2017-17540
The presence of a hardcoded account in Fortinet FortiWLC 8.3.3 allows attackers to gain unauthorized read/write access via a remote shell.
CVSS Score
9.8
EPSS Score
0.004
Published
2018-05-08
CVE-2016-8491
The presence of a hardcoded account named 'core' in Fortinet FortiWLC allows attackers to gain unauthorized read/write access via a remote shell.
CVSS Score
9.1
EPSS Score
0.003
Published
2017-02-01
CVE-2016-7561
Fortinet FortiWLC 6.1-2-29 and earlier, 7.0-9-1, 7.0-10-0, 8.0-5-0, 8.1-2-0, and 8.2-4-0 allow administrators to obtain sensitive user credentials by reading the pam.log file.
CVSS Score
7.2
EPSS Score
0.003
Published
2016-10-05
CVE-2016-7560
The rsyncd server in Fortinet FortiWLC 6.1-2-29 and earlier, 7.0-9-1, 7.0-10-0, 8.0-5-0, 8.1-2-0, and 8.2-4-0 has a hardcoded rsync account, which allows remote attackers to read or write to arbitrary files via unspecified vectors.
CVSS Score
9.8
EPSS Score
0.026
Published
2016-10-05


Products
Pricing
Contact Us

Shodan ® - All rights reserved