Fortiap U
Monthly
OS command injection in Fortinet FortiAP, FortiAP-U, and FortiAP-W2 allows authenticated privileged attackers to execute arbitrary code via maliciously crafted CLI requests. Affected versions span FortiAP 6.4 through 7.6.2, FortiAP-U 6.2 through 7.0.5, and FortiAP-W2 7.0 through 7.4.4. The vulnerability requires high-privilege administrative access and local CLI interaction, limiting exposure to trusted insider threats or compromised management interfaces. CVSS 6.1 reflects the high impact (code execution with full system privileges) constrained by authentication and local access requirements.
An incomplete filtering of one or more instances of special elements vulnerability [CWE-792] in the command line interpreter of FortiAP-U 7.0.0, 6.2.0 through 6.2.5, 6.0 all versions, 5.4 all. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
An incomplete filtering of one or more instances of special elements vulnerability [CWE-792] in the command line interpreter of FortiAP-W2 7.2.0 through 7.2.1, 7.0.3 through 7.0.5, 7.0.0 through. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
An improper neutralization of special elements [CWE-89] used in an OS command vulnerability [CWE-78] in the command line interpreter of FortiAP 6.0.0 through 6.4.7, 7.0.0 through 7.0.3, 7.2.0,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
OS command injection in Fortinet FortiAP, FortiAP-U, and FortiAP-W2 allows authenticated privileged attackers to execute arbitrary code via maliciously crafted CLI requests. Affected versions span FortiAP 6.4 through 7.6.2, FortiAP-U 6.2 through 7.0.5, and FortiAP-W2 7.0 through 7.4.4. The vulnerability requires high-privilege administrative access and local CLI interaction, limiting exposure to trusted insider threats or compromised management interfaces. CVSS 6.1 reflects the high impact (code execution with full system privileges) constrained by authentication and local access requirements.
An incomplete filtering of one or more instances of special elements vulnerability [CWE-792] in the command line interpreter of FortiAP-U 7.0.0, 6.2.0 through 6.2.5, 6.0 all versions, 5.4 all. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
An incomplete filtering of one or more instances of special elements vulnerability [CWE-792] in the command line interpreter of FortiAP-W2 7.2.0 through 7.2.1, 7.0.3 through 7.0.5, 7.0.0 through. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
An improper neutralization of special elements [CWE-89] used in an OS command vulnerability [CWE-78] in the command line interpreter of FortiAP 6.0.0 through 6.4.7, 7.0.0 through 7.0.3, 7.2.0,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.