CVE-2021-22126

Summary

A use of hard-coded password vulnerability in FortiWLC version 8.5.2 and below, version 8.4.8 and below, version 8.3.3 to 8.3.2, version 8.2.7 to 8.2.6 may allow a local, authenticated attacker to connect to the managed Access Point (Meru AP and FortiAP-U) as root using the default hard-coded username and password.

Affected Software

VendorProductVersion RangeStatus
FortinetFortiWLC8.5.0 <= 8.5.2affected
FortinetFortiWLC8.4.4 <= 8.4.8affected
FortinetFortiWLC8.4.0 <= 8.4.2affected
FortinetFortiWLC8.3.2 <= 8.3.3affected
FortinetFortiWLC8.2.6 <= 8.2.7affected

Weaknesses

  • CWE-284: Improper access control

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References