CVE-2021-22126
17.03.2025, 14:15
A use of hard-coded password vulnerability in FortiWLC version 8.5.2 and below, version 8.4.8 and below, version 8.3.3 to 8.3.2, version 8.2.7 to 8.2.6 may allow a local, authenticated attacker to connect to the managed Access Point (Meru AP and FortiAP-U) as root using the default hard-coded username and password.
Vendor | Product | Version |
---|---|---|
fortinet | fortiwlc | 8.4.0 ≤ 𝑥 < 8.5.3 |
fortinet | fortiwlc | 8.2.6 |
fortinet | fortiwlc | 8.2.7 |
fortinet | fortiwlc | 8.3.2 |
fortinet | fortiwlc | 8.3.3 |
𝑥 = Vulnerable software versions
Common Weakness Enumeration
- CWE-284 - Improper Access Control: The software does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
- CWE-798 - Use of Hard-coded Credentials: The software contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.