cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2021-26093,https://securityvulnerability.io/vulnerability/CVE-2021-26093,Local Access Control Vulnerability in Fortinet's Wireless Controller Products,"CVE-2021-26093 describes a vulnerability within Fortinet's FortiWLC wireless controller software, specifically versions 8.6.0, 8.5.3, and prior releases. This security flaw involves an uninitialized pointer access (CWE-824), which could empower a local and authenticated attacker to execute specially crafted CLI commands. By doing so, the attacker could potentially crash the managed access point, leading to significant disruptions in network reliability and availability. Organizations using impacted versions are strongly advised to assess their vulnerability management protocols and apply recommended patches to safeguard their network environments.",Fortinet,Fortiwlc,6.6,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-12-19T07:47:44.394Z,0
CVE-2021-42758,https://securityvulnerability.io/vulnerability/CVE-2021-42758,,An improper access control vulnerability [CWE-284] in FortiWLC 8.6.1 and below may allow an authenticated and remote attacker with low privileges to execute any command as an admin user with full access rights via bypassing the GUI restrictions.,Fortinet,Fortinet Fortiwlc,8.8,HIGH,0.0022499999031424522,false,false,false,false,,false,false,2021-12-08T10:53:03.000Z,0
CVE-2020-9288,https://securityvulnerability.io/vulnerability/CVE-2020-9288,,An improper neutralization of input vulnerability in FortiWLC 8.5.1 allows a remote authenticated attacker to perform a stored cross site scripting attack (XSS) via the ESS profile or the Radius Profile.,Fortinet,Fortinet Fortiwlc,5.4,MEDIUM,0.0006600000197067857,false,false,false,false,,false,false,2020-06-22T15:14:43.000Z,0
CVE-2017-17540,https://securityvulnerability.io/vulnerability/CVE-2017-17540,,The presence of a hardcoded account in Fortinet FortiWLC 8.3.3 allows attackers to gain unauthorized read/write access via a remote shell.,Fortinet,Fortiwlc,9.8,CRITICAL,0.0018899999558925629,false,false,false,false,,false,false,2018-05-08T04:29:00.000Z,0
CVE-2017-17539,https://securityvulnerability.io/vulnerability/CVE-2017-17539,,The presence of a hardcoded account in Fortinet FortiWLC 7.0.11 and earlier allows attackers to gain unauthorized read/write access via a remote shell.,Fortinet,Fortiwlc,9.8,CRITICAL,0.0018899999558925629,false,false,false,false,,false,false,2018-05-08T04:29:00.000Z,0
CVE-2017-7335,https://securityvulnerability.io/vulnerability/CVE-2017-7335,,"A Cross-Site Scripting (XSS) vulnerability in Fortinet FortiWLC 6.1-x (6.1-2, 6.1-4 and 6.1-5); 7.0-x (7.0-7, 7.0-8, 7.0-9, 7.0-10); and 8.x (8.0, 8.1, 8.2 and 8.3.0-8.3.2) allows an authenticated user to inject arbitrary web script or HTML via non-sanitized parameters ""refresh"" and ""branchtotable"" present in HTTP POST requests.",Fortinet,Fortiwlc,5.4,MEDIUM,0.0004799999878741801,false,false,false,false,,false,false,2017-10-26T13:00:00.000Z,0
CVE-2017-7341,https://securityvulnerability.io/vulnerability/CVE-2017-7341,,"An OS Command Injection vulnerability in Fortinet FortiWLC 6.1-2 through 6.1-5, 7.0-7 through 7.0-10, 8.0 through 8.2, and 8.3.0 through 8.3.2 file management AP script download webUI page allows an authenticated admin user to execute arbitrary system console commands via crafted HTTP requests.",Fortinet,Fortiwlc,7.2,HIGH,0.0009800000116229057,false,false,false,false,,false,false,2017-10-26T13:00:00.000Z,0
CVE-2017-3134,https://securityvulnerability.io/vulnerability/CVE-2017-3134,,An escalation of privilege vulnerability in Fortinet FortiWLC-SD versions 8.2.4 and below allows attacker to gain root access via the CLI command 'copy running-config'.,Fortinet,Fortinet Fortiwlc-sd,7.2,HIGH,0.0010400000028312206,false,false,false,false,,false,false,2017-05-27T00:29:00.000Z,0
CVE-2016-8491,https://securityvulnerability.io/vulnerability/CVE-2016-8491,,The presence of a hardcoded account named 'core' in Fortinet FortiWLC allows attackers to gain unauthorized read/write access via a remote shell.,Fortinet,Fortinet Fortiwlc,9.1,CRITICAL,0.0015399999683722854,false,false,false,false,,false,false,2017-02-01T17:00:00.000Z,0
CVE-2016-7561,https://securityvulnerability.io/vulnerability/CVE-2016-7561,,"Fortinet FortiWLC 6.1-2-29 and earlier, 7.0-9-1, 7.0-10-0, 8.0-5-0, 8.1-2-0, and 8.2-4-0 allow administrators to obtain sensitive user credentials by reading the pam.log file.",Fortinet,Fortiwlc,7.2,HIGH,0.001019999966956675,false,false,false,false,,false,false,2016-10-05T16:00:00.000Z,0
CVE-2016-7560,https://securityvulnerability.io/vulnerability/CVE-2016-7560,,"The rsyncd server in Fortinet FortiWLC 6.1-2-29 and earlier, 7.0-9-1, 7.0-10-0, 8.0-5-0, 8.1-2-0, and 8.2-4-0 has a hardcoded rsync account, which allows remote attackers to read or write to arbitrary files via unspecified vectors.",Fortinet,Fortiwlc,9.8,CRITICAL,0.0033199999015778303,false,false,false,false,,false,false,2016-10-05T16:00:00.000Z,0