Skip to main content

Watchguard

59 CVEs product

Monthly

CVE-2026-13053 HIGH This Week

Authenticated command execution in WatchGuard Fireware OS lets a privileged administrator escalate a specially crafted CLI command into arbitrary code execution via an out-of-bounds write (CWE-787). The flaw affects a very broad version span (Fireware OS 11.0 through 11.12.4_Update1, 12.0 through 12.12, and 2025.1 through 2026.2), placing most currently and historically deployed WatchGuard Firebox appliances in scope. No public exploit identified at time of analysis and the issue is not listed in CISA KEV; the CVSS 4.0 score of 8.6 reflects full confidentiality/integrity/availability impact once the required privileged access is obtained.

Memory Corruption Watchguard Buffer Overflow RCE Fireware Os
NVD VulDB
CVSS 4.0
8.6
EPSS
0.4%
CVE-2026-13050 HIGH This Week

Remote code execution in WatchGuard Fireware OS (the operating system powering Firebox network security appliances) allows an authenticated privileged administrator to run arbitrary code on the firewall by sending specially crafted requests to the Management Web UI, which trigger an out-of-bounds write in the networkd process. The flaw spans a wide version range (11.8 through 11.12.4_Update1, 12.0 through 12.12, and 2025.1 through 2026.2) and carries a CVSS 4.0 base score of 8.6 (High). It was reported by WatchGuard's own PSIRT; there is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Memory Corruption Watchguard Buffer Overflow RCE Fireware Os
NVD VulDB
CVSS 4.0
8.6
EPSS
0.4%
CVE-2026-13054 HIGH This Week

Arbitrary file write in the WatchGuard Fireware OS Management Web UI lets a privileged, authenticated administrator escape the intended directory and write files anywhere on a Firebox appliance's filesystem, per CVSS 4.0 (AV:N/PR:H). This affects Fireware OS across the 11.x, 12.x, and 2025.1-2026.2 branches and can be leveraged to tamper with configuration or system binaries, potentially leading to code execution or device compromise. There is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Path Traversal Watchguard Fireware Os
NVD VulDB
CVSS 4.0
8.6
EPSS
0.4%
CVE-2026-13079 HIGH This Week

Local privilege escalation in WatchGuard Mobile VPN with SSL client for Windows (versions up to and including 2026.2) lets an authenticated local attacker elevate from a low-privileged account to NT AUTHORITY\SYSTEM on any machine where the client is installed. The flaw is rooted in insecure permission assignment (CWE-732), and there is no public exploit identified at time of analysis, though the vendor-reported nature and full high-impact CVSS (7.3, CVSS 4.0) make it a meaningful endpoint-hardening concern.

Privilege Escalation Watchguard Microsoft Fireware Os
NVD VulDB
CVSS 4.0
7.3
EPSS
0.1%
CVE-2026-8247 HIGH This Week

Remote code execution in WatchGuard Fireware OS (the firmware powering WatchGuard Firebox firewall appliances) allows an unauthenticated attacker positioned on the same local/adjacent network segment to trigger an out-of-bounds write and execute arbitrary code. The flaw spans a wide firmware range - 11.0 through 11.12.4_Update1, 12.0 through 12.12, and 2025.1 through 2026.2 - and was self-reported by WatchGuard via its PSIRT. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the network-adjacent, unauthenticated, high-impact profile makes it a serious perimeter-device concern.

Watchguard Buffer Overflow RCE Fireware Os
NVD VulDB
CVSS 4.0
7.7
EPSS
0.2%
CVE-2026-13728 MEDIUM This Month

WatchGuard Fireware OS deployed in FireCluster high-availability configurations falls back to a static, hard-coded encryption key to protect saved Access Portal credentials under unspecified exception circumstances, meaning any actor who can retrieve those encrypted credential stores can decrypt them offline using the known firmware key. Affected builds span Fireware OS 12.1 through 12.12 and 2025.1 through 2026.2; standalone Fireboxes and devices without Access Portal support are explicitly out of scope. No public exploit has been identified at time of analysis and this vulnerability is not listed in the CISA KEV catalog, but CWE-798 class flaws become broadly exploitable once the static key is extracted from firmware through reverse engineering.

Authentication Bypass Watchguard Fireware Os
NVD VulDB
CVSS 4.0
5.9
EPSS
0.2%
CVE-2026-13084 HIGH This Week

Denial-of-service in WatchGuard Fireware OS lets a remote, unauthenticated attacker crash the IKEv2 VPN service by sending specially crafted IKEv2 messages that trigger a null pointer dereference (CWE-476). The flaw affects appliances running Mobile User VPN with IKEv2 or Branch Office VPN over IKEv2 with a dynamic gateway peer, spanning Fireware OS 11.10.2 through 2026.2. No public exploit identified at time of analysis; the CVSS 4.0 score of 8.7 reflects high availability impact with no confidentiality or integrity loss.

Watchguard Denial Of Service Microsoft Null Pointer Dereference Fireware Os
NVD VulDB
CVSS 4.0
8.7
EPSS
0.5%
CVE-2026-13368 CRITICAL Act Now

Remote code execution in WatchGuard Fireware OS affects Fireboxes running a Mobile User VPN with IKEv2 that authenticates against an external LDAP server. A race condition in the IKEv2 LDAP authentication path can be driven into a use-after-free (CWE-416) inside the iked daemon, letting a remote unauthenticated attacker execute arbitrary code in the context of that process. No public exploit identified at time of analysis, and the CVSS 4.0 base score of 9.2 is tempered by high attack complexity and a probabilistic attack requirement (AC:H/AT:P), reflecting the difficulty of reliably winning the race.

Memory Corruption Watchguard Use After Free RCE Fireware Os
NVD VulDB
CVSS 4.0
9.2
EPSS
0.6%
CVE-2026-13722 HIGH This Week

Firmware signature validation bypass in WatchGuard Fireware OS lets an authenticated administrator upload a tampered firmware image through the backup/restore feature and have it installed despite failing integrity checks. Affecting Fireware OS branches 11.0 through 11.12.4_Update1, 12.0 through 12.12, and 2025.1 through 2025.6.2, the flaw (CWE-347) enables persistent malicious code on the appliance. No public exploit identified at time of analysis and it is not listed in CISA KEV, but the high integrity/confidentiality/availability impact and the appliance's privileged network position make it significant.

Authentication Bypass Jwt Attack Watchguard Fireware Os
NVD VulDB
CVSS 4.0
8.6
EPSS
0.2%
CVE-2026-13384 HIGH This Week

Authenticated arbitrary code execution in WatchGuard Fireware OS (12.1-12.12 and 2025.1-2026.2) arises from an out-of-bounds write in the wgagent process, reachable when a privileged user sends specially crafted requests to the Management Web UI. A high-privilege attacker (or one who has compromised admin credentials) can corrupt memory to run code on the firewall appliance, undermining the security gateway itself. No public exploit has been identified at time of analysis, and the issue is not listed in CISA KEV.

Memory Corruption Watchguard Buffer Overflow RCE Fireware Os
NVD VulDB
CVSS 4.0
8.6
EPSS
0.4%
CVE-2026-13383 HIGH This Week

Arbitrary code execution in WatchGuard Fireware OS (the firmware powering Firebox network security appliances) arises from an out-of-bounds write in the ikestubd process, reachable through the Management Web UI. An authenticated user holding privileged (administrative) access can send specially crafted requests to corrupt memory and execute code on the appliance. No public exploit identified at time of analysis and the issue is not listed in CISA KEV; risk is bounded by the requirement for existing privileged access.

Memory Corruption Watchguard Buffer Overflow RCE Fireware Os
NVD VulDB
CVSS 4.0
8.6
EPSS
0.4%
CVE-2026-13377 MEDIUM This Month

Stored XSS in WatchGuard Fireware OS's SIP Proxy module enables a high-privileged attacker to plant persistent malicious JavaScript that executes in the browsers of other privileged users who access affected management interface pages. Covering Fireware OS versions 12.0 through 12.12, 12.5 through 12.5.18, and 2025.1 through 2026.2, this CVE is explicitly disclosed as an additional, previously unmitigated attack path for CVE-2025-6947 - meaning organizations that applied the prior patch may incorrectly believe their exposure is closed. No public exploit has been identified at time of analysis and this vulnerability is not listed in the CISA KEV catalog.

XSS Watchguard Fireware Os
NVD VulDB
CVSS 4.0
4.8
EPSS
0.3%
CVE-2026-13376 MEDIUM This Month

Stored XSS in WatchGuard Fireware OS's spamBlocker module enables a high-privileged attacker to persist malicious JavaScript that executes in the browsers of other authenticated users viewing the affected management interface. This vulnerability is explicitly identified as an additional, unmitigated attack path bypassing the remediation applied for CVE-2025-1071, indicating the original fix was incomplete. The CVSS 4.0 vector scores this at 4.8 (Medium), with no confirmed active exploitation and no public exploit identified at time of analysis.

XSS Watchguard Fireware Os
NVD VulDB
CVSS 4.0
4.8
EPSS
0.3%
CVE-2026-13375 MEDIUM This Month

Stored cross-site scripting in WatchGuard Fireware OS's Autotask Technology Integration module allows a high-privileged attacker to inject persistent malicious scripts that execute in the browsers of other users who view the affected management interface pages. Affecting Fireware OS versions 12.4 through 12.12, 12.5 through 12.5.18, and 2025.1 through 2026.2, this flaw is explicitly described as an additional unmitigated attack path alongside the related CVE-2025-13938, suggesting prior remediation efforts were incomplete. No public exploit code or confirmed active exploitation has been identified at time of analysis.

XSS Watchguard Fireware Os
NVD VulDB
CVSS 4.0
4.8
EPSS
0.3%
CVE-2026-13374 MEDIUM This Month

Stored cross-site scripting in WatchGuard Fireware OS via the ConnectWise Technology Integration module allows a highly privileged attacker to inject persistent malicious scripts into the web management interface, which then execute in the browsers of other authenticated users who view the affected pages. This vulnerability is explicitly described as an additional, previously unmitigated attack path for CVE-2025-13937, indicating that the prior remediation was incomplete and a bypass exists. No public exploit code or CISA KEV listing has been identified at time of analysis, but the relationship to an earlier CVE suggests at least some organizational knowledge of the attack surface.

XSS Watchguard Fireware Os
NVD VulDB
CVSS 4.0
4.8
EPSS
0.3%
CVE-2026-13373 MEDIUM This Month

Stored XSS in WatchGuard Fireware OS's Tigerpaw Technology Integration module allows a high-privileged attacker to persist malicious scripts within the management interface, which then execute in the browsers of other authenticated users who visit the affected pages. Critically, this CVE is identified as an additional unmitigated attack path for CVE-2025-13936, indicating an incomplete remediation of a prior related XSS flaw in the same integration module. Affected versions span the 12.4, 12.5, and 2025.x/2026.x release trains; no public exploit or CISA KEV listing has been identified at time of analysis.

XSS Watchguard Fireware Os
NVD VulDB
CVSS 4.0
4.8
EPSS
0.3%
CVE-2026-6788 HIGH PATCH This Week

Local privilege escalation in WatchGuard Agent for Windows allows authenticated users to execute arbitrary code with elevated system privileges through DLL hijacking. The agent searches for dependencies in user-controllable directories, enabling attackers with standard user credentials to plant malicious DLLs that load when the service starts. WatchGuard has released version 1.25.03.0000 to address this uncontrolled search path vulnerability (CWE-427).

Microsoft Information Disclosure Watchguard
NVD
CVSS 4.0
8.5
EPSS
0.0%
CVE-2026-6787 HIGH PATCH This Week

Hard-coded cryptographic key in WatchGuard Agent for Windows enables local authenticated attackers to inject malicious code into existing agent processes, achieving high-impact confidentiality, integrity, and availability compromise. WatchGuard Agent versions prior to 1.25.03.0000 are affected. CVSS v4.0 score of 8.5 reflects local attack vector with low complexity and low privilege requirements, though no active exploitation (KEV) or public POC has been identified at time of analysis. The vulnerability's CWE-321 classification indicates embedded cryptographic material that could be extracted and reused for process injection attacks.

Microsoft Information Disclosure Watchguard
NVD
CVSS 4.0
8.5
EPSS
0.0%
CVE-2026-41288 HIGH PATCH This Week

Privilege escalation in WatchGuard Agent for Windows allows authenticated local users to gain NT AUTHORITY\SYSTEM privileges via incorrect permissions in the patch management component. CVSS 7.3 with low attack complexity and local attack vector. No active exploitation or public exploit code identified at time of analysis. EPSS data not available - real-world risk depends on defender endpoint deployment environments where local user access is already established.

Microsoft Information Disclosure Watchguard
NVD
CVSS 4.0
7.3
EPSS
0.0%
CVE-2026-41286 HIGH PATCH This Week

Stack-based buffer overflow in WatchGuard Agent discovery service on Windows enables adjacent attackers without authentication to crash the agent via crafted network packets. CVSS 7.1 (High) reflects adjacent network attack vector with high integrity impact. The vulnerability targets the discovery service component used for agent enrollment and network communication. No CISA KEV listing or public exploit code identified at time of analysis, though the local network attack vector limits exposure to adjacent attackers.

Watchguard Stack Overflow Microsoft Buffer Overflow
NVD
CVSS 4.0
7.1
EPSS
0.0%
CVE-2026-41287 HIGH PATCH This Week

Stack-based buffer overflow in WatchGuard Agent's discovery service allows adjacent network attackers to crash the agent service without authentication. Affects Windows installations prior to version 1.25.03.0000. Vendor patch released addressing the vulnerability. SSVC framework indicates no active exploitation observed and manual exploitation required. While CVSS 7.1 (High) reflects network-adjacent access with high availability impact, actual risk is limited to denial-of-service - no code execution or data compromise possible per the CVSS vector (VC:N/VI:N/VA:H).

Watchguard Stack Overflow Microsoft Buffer Overflow
NVD
CVSS 4.0
7.1
EPSS
0.0%
CVE-2024-8424 HIGH This Week

Improper Privilege Management vulnerability in WatchGuard EPDR, Panda AD360 and Panda Dome on Windows (PSANHost.exe module) allows arbitrary file delete with SYSTEM permissions.00.23.0000; Panda. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Watchguard Microsoft
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-6594 HIGH This Week

Improper Handling of Exceptional Conditions vulnerability in the WatchGuard Single Sign-On Client on Windows causes the client to crash while handling malformed commands. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Watchguard Denial Of Service Microsoft Single Sign On Client
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-6593 CRITICAL Act Now

Incorrect Authorization vulnerability in WatchGuard Authentication Gateway (aka Single Sign-On Agent) on Windows allows an attacker with network access to execute restricted management commands.10.2. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Watchguard Microsoft Authentication Gateway
NVD
CVSS 3.1
9.1
EPSS
0.5%
CVE-2024-6592 CRITICAL Act Now

Incorrect Authorization vulnerability in the protocol communication between the WatchGuard Authentication Gateway (aka Single Sign-On Agent) on Windows and the WatchGuard Single Sign-On Client on. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Apple Watchguard Microsoft Authentication Gateway +1
NVD
CVSS 3.1
9.1
EPSS
1.0%
CVE-2024-5974 HIGH This Week

A buffer overflow in WatchGuard Fireware OS could may allow an authenticated remote attacker with privileged management access to execute arbitrary code with system privileges on the firewall.9.6. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Watchguard RCE Fireware
NVD
CVSS 3.1
7.2
EPSS
0.9%
CVE-2024-4944 HIGH This Week

A local privilege escalation vlnerability in the WatchGuard Mobile VPN with SSL client on Windows enables a local user to execute arbitrary commands with elevated privileged. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Watchguard Command Injection Microsoft Mobile Vpn With Ssl
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-1417 HIGH This Week

Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in WatchGuard AuthPoint Password Manager on MacOS allows an a adversary with local access to execute. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Apple Watchguard Command Injection
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2023-26239 MEDIUM This Month

An issue was discovered in WatchGuard EPDR 8.0.21.0002. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Watchguard Epp Firmware Edr Firmware Epdr Firmware +1
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-26238 MEDIUM This Month

An issue was discovered in WatchGuard EPDR 8.0.21.0002. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Watchguard Epp Firmware Edr Firmware Epdr Firmware +1
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-26237 MEDIUM This Month

An issue was discovered in WatchGuard EPDR 8.0.21.0002. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Watchguard Authentication Bypass Epp Firmware Edr Firmware Epdr Firmware +1
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2023-26236 HIGH This Week

An issue was discovered in WatchGuard EPDR 8.0.21.0002. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Watchguard Microsoft Epp Firmware Edr Firmware +2
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-31792 MEDIUM This Month

A stored cross-site scripting (XSS) vulnerability exists in the management web interface of WatchGuard Firebox and XTM appliances. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Watchguard XSS Fireware
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-31791 HIGH This Week

WatchGuard Firebox and XTM appliances allow a local attacker (that has already obtained shell access) to elevate their privileges and execute code with root permissions. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Watchguard Information Disclosure Fireware
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-31789 CRITICAL Act Now

An integer overflow in WatchGuard Firebox and XTM appliances allows an unauthenticated remote attacker to trigger a buffer overflow and potentially execute arbitrary code by sending a malicious. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Watchguard Buffer Overflow RCE Fireware
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2022-31790 HIGH POC This Week

WatchGuard Firebox and XTM appliances allow an unauthenticated remote attacker to retrieve sensitive authentication server settings by sending a malicious request to exposed authentication endpoints. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Watchguard Information Disclosure Fireware
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2022-25361 CRITICAL Act Now

WatchGuard Firebox and XTM appliances allow an unauthenticated remote attacker to delete arbitrary files from a limited set of directories on the system. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Watchguard Information Disclosure Fireware
NVD
CVSS 3.1
9.1
EPSS
1.2%
CVE-2022-26318 CRITICAL POC KEV THREAT Emergency

On WatchGuard Firebox and XTM appliances, an unauthenticated user can execute arbitrary code, aka FBX-22786. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Watchguard RCE Fireware
NVD
CVSS 3.1
9.8
EPSS
78.3%
CVE-2022-25363 MEDIUM This Month

WatchGuard Firebox and XTM appliances allow an authenticated remote attacker with unprivileged credentials to modify privileged management user credentials. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Watchguard Memory Corruption Buffer Overflow Fireware
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2022-25360 HIGH This Week

WatchGuard Firebox and XTM appliances allow an authenticated remote attacker with unprivileged credentials to upload files to arbitrary locations. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Watchguard File Upload Fireware
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2022-25293 HIGH This Week

A systemd stack-based buffer overflow in WatchGuard Firebox and XTM appliances allows an authenticated remote attacker to potentially execute arbitrary code by initiating a firmware update with a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Watchguard Memory Corruption RCE Buffer Overflow Fireware
NVD
CVSS 3.1
8.8
EPSS
2.0%
CVE-2022-25292 HIGH This Week

A wgagent stack-based buffer overflow in WatchGuard Firebox and XTM appliances allows an authenticated remote attacker to potentially execute arbitrary code by initiating a firmware update with a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Watchguard Memory Corruption RCE Buffer Overflow Fireware
NVD
CVSS 3.1
8.8
EPSS
2.0%
CVE-2022-25291 HIGH This Week

An integer overflow in WatchGuard Firebox and XTM appliances allows an authenticated remote attacker to trigger a heap-based buffer overflow and potentially execute arbitrary code by initiating a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Watchguard Integer Overflow RCE Buffer Overflow Fireware
NVD
CVSS 3.1
8.8
EPSS
1.7%
CVE-2022-25290 MEDIUM This Month

WatchGuard Firebox and XTM appliances allow an authenticated remote attacker with unprivileged credentials to retrieve certificate private keys. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Watchguard Information Disclosure Fireware
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-23176 HIGH KEV THREAT This Week

WatchGuard Firebox and XTM appliances allow a remote attacker with unprivileged credentials to access the system with a privileged management session via exposed management access. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Watchguard Information Disclosure Fireware
NVD
CVSS 3.1
8.8
EPSS
13.3%
CVE-2021-37346 CRITICAL Act Now

Nagios XI WatchGuard Wizard before version 1.4.8 is vulnerable to remote code execution through Improper neutralisation of special elements used in an OS Command (OS Command injection). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Watchguard RCE Command Injection Nagios Xi Watchguard Wizard
NVD
CVSS 3.1
9.8
EPSS
73.6%
CVE-2020-10532 HIGH POC This Week

The AD Helper component in WatchGuard Fireware before 5.8.5.10317 allows remote attackers to discover cleartext passwords via the /domains/list URI. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Watchguard Information Disclosure Ad Helper Firmware
NVD
CVSS 3.1
7.5
EPSS
2.8%
CVE-2018-10578 CRITICAL Act Now

An issue was discovered on WatchGuard AP100, AP102, and AP200 devices with firmware before 1.2.9.15, and AP300 devices with firmware before 2.0.0.10. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Watchguard Authentication Bypass Ap200 Firmware Ap102 Firmware Ap100 Firmware +1
NVD
CVSS 3.0
9.8
EPSS
1.3%
CVE-2018-10577 HIGH POC This Week

An issue was discovered on WatchGuard AP100, AP102, and AP200 devices with firmware before 1.2.9.15, and AP300 devices with firmware before 2.0.0.10. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Watchguard Ap200 Firmware Ap102 Firmware Ap100 Firmware +1
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
6.6%
CVE-2018-10576 HIGH POC This Week

An issue was discovered on WatchGuard AP100, AP102, and AP200 devices with firmware before 1.2.9.15. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Watchguard Ap200 Firmware Ap102 Firmware Ap100 Firmware
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
1.5%
CVE-2018-10575 CRITICAL POC Act Now

An issue was discovered on WatchGuard AP100, AP102, and AP200 devices with firmware before 1.2.9.15. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Watchguard Ap200 Firmware Ap102 Firmware Ap100 Firmware
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
8.7%
CVE-2017-14616 HIGH POC This Week

An FBX-5312 issue was discovered in WatchGuard Fireware before 12.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Watchguard Fireware
NVD
CVSS 3.0
7.5
EPSS
0.8%
CVE-2017-14615 MEDIUM POC This Month

An FBX-5313 issue was discovered in WatchGuard Fireware before 12.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Watchguard Fireware
NVD
CVSS 3.0
6.1
EPSS
0.4%
CVE-2017-8056 MEDIUM POC THREAT This Month

WatchGuard Fireware v11.12.1 and earlier mishandles requests referring to an XML External Entity (XXE), in the XML-RPC agent. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 11.4%.

Watchguard Denial Of Service XXE Fireware
NVD
CVSS 3.0
5.3
EPSS
11.4%
CVE-2017-8055 MEDIUM POC This Month

WatchGuard Fireware allows user enumeration, e.g., in the Firebox XML-RPC login handler. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Watchguard Information Disclosure Fireware
NVD
CVSS 3.0
5.3
EPSS
0.3%
CVE-2016-7089 HIGH POC This Week

WatchGuard RapidStream appliances allow local users to gain privileges and execute arbitrary commands via a crafted ifconfig command, aka ESCALATEPLOWMAN. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Watchguard Privilege Escalation Rapidstream
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
0.2%
CVE-2015-5453 MEDIUM POC THREAT This Month

Watchguard XCS 9.2 and 10.0 before build 150522 allow remote authenticated users to execute arbitrary commands via shell metacharacters in the id parameter to ADMIN/mailqueue.spl. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 72.5%.

Command Injection Watchguard Xcs
NVD Exploit-DB
CVSS 2.0
6.5
EPSS
72.5%
Threat
5.0
CVE-2015-5452 HIGH POC THREAT Act Now

SQL injection vulnerability in Watchguard XCS 9.2 and 10.0 before build 150522 allows remote attackers to execute arbitrary SQL commands via the sid cookie, as demonstrated by a request to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 36.7%.

Watchguard SQLi Xcs
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
36.7%
Threat
4.1
CVE-2014-0338 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in the firewall policy management pages in WatchGuard Fireware XTM before 11.8.3 allow remote attackers to inject arbitrary web script or HTML via. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Watchguard Fireware
NVD VulDB
CVSS 2.0
4.3
EPSS
3.3%
EPSS 0% CVSS 8.6
HIGH This Week

Authenticated command execution in WatchGuard Fireware OS lets a privileged administrator escalate a specially crafted CLI command into arbitrary code execution via an out-of-bounds write (CWE-787). The flaw affects a very broad version span (Fireware OS 11.0 through 11.12.4_Update1, 12.0 through 12.12, and 2025.1 through 2026.2), placing most currently and historically deployed WatchGuard Firebox appliances in scope. No public exploit identified at time of analysis and the issue is not listed in CISA KEV; the CVSS 4.0 score of 8.6 reflects full confidentiality/integrity/availability impact once the required privileged access is obtained.

Memory Corruption Watchguard Buffer Overflow +2
NVD VulDB
EPSS 0% CVSS 8.6
HIGH This Week

Remote code execution in WatchGuard Fireware OS (the operating system powering Firebox network security appliances) allows an authenticated privileged administrator to run arbitrary code on the firewall by sending specially crafted requests to the Management Web UI, which trigger an out-of-bounds write in the networkd process. The flaw spans a wide version range (11.8 through 11.12.4_Update1, 12.0 through 12.12, and 2025.1 through 2026.2) and carries a CVSS 4.0 base score of 8.6 (High). It was reported by WatchGuard's own PSIRT; there is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Memory Corruption Watchguard Buffer Overflow +2
NVD VulDB
EPSS 0% CVSS 8.6
HIGH This Week

Arbitrary file write in the WatchGuard Fireware OS Management Web UI lets a privileged, authenticated administrator escape the intended directory and write files anywhere on a Firebox appliance's filesystem, per CVSS 4.0 (AV:N/PR:H). This affects Fireware OS across the 11.x, 12.x, and 2025.1-2026.2 branches and can be leveraged to tamper with configuration or system binaries, potentially leading to code execution or device compromise. There is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Path Traversal Watchguard Fireware Os
NVD VulDB
EPSS 0% CVSS 7.3
HIGH This Week

Local privilege escalation in WatchGuard Mobile VPN with SSL client for Windows (versions up to and including 2026.2) lets an authenticated local attacker elevate from a low-privileged account to NT AUTHORITY\SYSTEM on any machine where the client is installed. The flaw is rooted in insecure permission assignment (CWE-732), and there is no public exploit identified at time of analysis, though the vendor-reported nature and full high-impact CVSS (7.3, CVSS 4.0) make it a meaningful endpoint-hardening concern.

Privilege Escalation Watchguard Microsoft +1
NVD VulDB
EPSS 0% CVSS 7.7
HIGH This Week

Remote code execution in WatchGuard Fireware OS (the firmware powering WatchGuard Firebox firewall appliances) allows an unauthenticated attacker positioned on the same local/adjacent network segment to trigger an out-of-bounds write and execute arbitrary code. The flaw spans a wide firmware range - 11.0 through 11.12.4_Update1, 12.0 through 12.12, and 2025.1 through 2026.2 - and was self-reported by WatchGuard via its PSIRT. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the network-adjacent, unauthenticated, high-impact profile makes it a serious perimeter-device concern.

Watchguard Buffer Overflow RCE +1
NVD VulDB
EPSS 0% CVSS 5.9
MEDIUM This Month

WatchGuard Fireware OS deployed in FireCluster high-availability configurations falls back to a static, hard-coded encryption key to protect saved Access Portal credentials under unspecified exception circumstances, meaning any actor who can retrieve those encrypted credential stores can decrypt them offline using the known firmware key. Affected builds span Fireware OS 12.1 through 12.12 and 2025.1 through 2026.2; standalone Fireboxes and devices without Access Portal support are explicitly out of scope. No public exploit has been identified at time of analysis and this vulnerability is not listed in the CISA KEV catalog, but CWE-798 class flaws become broadly exploitable once the static key is extracted from firmware through reverse engineering.

Authentication Bypass Watchguard Fireware Os
NVD VulDB
EPSS 0% CVSS 8.7
HIGH This Week

Denial-of-service in WatchGuard Fireware OS lets a remote, unauthenticated attacker crash the IKEv2 VPN service by sending specially crafted IKEv2 messages that trigger a null pointer dereference (CWE-476). The flaw affects appliances running Mobile User VPN with IKEv2 or Branch Office VPN over IKEv2 with a dynamic gateway peer, spanning Fireware OS 11.10.2 through 2026.2. No public exploit identified at time of analysis; the CVSS 4.0 score of 8.7 reflects high availability impact with no confidentiality or integrity loss.

Watchguard Denial Of Service Microsoft +2
NVD VulDB
EPSS 1% CVSS 9.2
CRITICAL Act Now

Remote code execution in WatchGuard Fireware OS affects Fireboxes running a Mobile User VPN with IKEv2 that authenticates against an external LDAP server. A race condition in the IKEv2 LDAP authentication path can be driven into a use-after-free (CWE-416) inside the iked daemon, letting a remote unauthenticated attacker execute arbitrary code in the context of that process. No public exploit identified at time of analysis, and the CVSS 4.0 base score of 9.2 is tempered by high attack complexity and a probabilistic attack requirement (AC:H/AT:P), reflecting the difficulty of reliably winning the race.

Memory Corruption Watchguard Use After Free +2
NVD VulDB
EPSS 0% CVSS 8.6
HIGH This Week

Firmware signature validation bypass in WatchGuard Fireware OS lets an authenticated administrator upload a tampered firmware image through the backup/restore feature and have it installed despite failing integrity checks. Affecting Fireware OS branches 11.0 through 11.12.4_Update1, 12.0 through 12.12, and 2025.1 through 2025.6.2, the flaw (CWE-347) enables persistent malicious code on the appliance. No public exploit identified at time of analysis and it is not listed in CISA KEV, but the high integrity/confidentiality/availability impact and the appliance's privileged network position make it significant.

Authentication Bypass Jwt Attack Watchguard +1
NVD VulDB
EPSS 0% CVSS 8.6
HIGH This Week

Authenticated arbitrary code execution in WatchGuard Fireware OS (12.1-12.12 and 2025.1-2026.2) arises from an out-of-bounds write in the wgagent process, reachable when a privileged user sends specially crafted requests to the Management Web UI. A high-privilege attacker (or one who has compromised admin credentials) can corrupt memory to run code on the firewall appliance, undermining the security gateway itself. No public exploit has been identified at time of analysis, and the issue is not listed in CISA KEV.

Memory Corruption Watchguard Buffer Overflow +2
NVD VulDB
EPSS 0% CVSS 8.6
HIGH This Week

Arbitrary code execution in WatchGuard Fireware OS (the firmware powering Firebox network security appliances) arises from an out-of-bounds write in the ikestubd process, reachable through the Management Web UI. An authenticated user holding privileged (administrative) access can send specially crafted requests to corrupt memory and execute code on the appliance. No public exploit identified at time of analysis and the issue is not listed in CISA KEV; risk is bounded by the requirement for existing privileged access.

Memory Corruption Watchguard Buffer Overflow +2
NVD VulDB
EPSS 0% CVSS 4.8
MEDIUM This Month

Stored XSS in WatchGuard Fireware OS's SIP Proxy module enables a high-privileged attacker to plant persistent malicious JavaScript that executes in the browsers of other privileged users who access affected management interface pages. Covering Fireware OS versions 12.0 through 12.12, 12.5 through 12.5.18, and 2025.1 through 2026.2, this CVE is explicitly disclosed as an additional, previously unmitigated attack path for CVE-2025-6947 - meaning organizations that applied the prior patch may incorrectly believe their exposure is closed. No public exploit has been identified at time of analysis and this vulnerability is not listed in the CISA KEV catalog.

XSS Watchguard Fireware Os
NVD VulDB
EPSS 0% CVSS 4.8
MEDIUM This Month

Stored XSS in WatchGuard Fireware OS's spamBlocker module enables a high-privileged attacker to persist malicious JavaScript that executes in the browsers of other authenticated users viewing the affected management interface. This vulnerability is explicitly identified as an additional, unmitigated attack path bypassing the remediation applied for CVE-2025-1071, indicating the original fix was incomplete. The CVSS 4.0 vector scores this at 4.8 (Medium), with no confirmed active exploitation and no public exploit identified at time of analysis.

XSS Watchguard Fireware Os
NVD VulDB
EPSS 0% CVSS 4.8
MEDIUM This Month

Stored cross-site scripting in WatchGuard Fireware OS's Autotask Technology Integration module allows a high-privileged attacker to inject persistent malicious scripts that execute in the browsers of other users who view the affected management interface pages. Affecting Fireware OS versions 12.4 through 12.12, 12.5 through 12.5.18, and 2025.1 through 2026.2, this flaw is explicitly described as an additional unmitigated attack path alongside the related CVE-2025-13938, suggesting prior remediation efforts were incomplete. No public exploit code or confirmed active exploitation has been identified at time of analysis.

XSS Watchguard Fireware Os
NVD VulDB
EPSS 0% CVSS 4.8
MEDIUM This Month

Stored cross-site scripting in WatchGuard Fireware OS via the ConnectWise Technology Integration module allows a highly privileged attacker to inject persistent malicious scripts into the web management interface, which then execute in the browsers of other authenticated users who view the affected pages. This vulnerability is explicitly described as an additional, previously unmitigated attack path for CVE-2025-13937, indicating that the prior remediation was incomplete and a bypass exists. No public exploit code or CISA KEV listing has been identified at time of analysis, but the relationship to an earlier CVE suggests at least some organizational knowledge of the attack surface.

XSS Watchguard Fireware Os
NVD VulDB
EPSS 0% CVSS 4.8
MEDIUM This Month

Stored XSS in WatchGuard Fireware OS's Tigerpaw Technology Integration module allows a high-privileged attacker to persist malicious scripts within the management interface, which then execute in the browsers of other authenticated users who visit the affected pages. Critically, this CVE is identified as an additional unmitigated attack path for CVE-2025-13936, indicating an incomplete remediation of a prior related XSS flaw in the same integration module. Affected versions span the 12.4, 12.5, and 2025.x/2026.x release trains; no public exploit or CISA KEV listing has been identified at time of analysis.

XSS Watchguard Fireware Os
NVD VulDB
EPSS 0% CVSS 8.5
HIGH PATCH This Week

Local privilege escalation in WatchGuard Agent for Windows allows authenticated users to execute arbitrary code with elevated system privileges through DLL hijacking. The agent searches for dependencies in user-controllable directories, enabling attackers with standard user credentials to plant malicious DLLs that load when the service starts. WatchGuard has released version 1.25.03.0000 to address this uncontrolled search path vulnerability (CWE-427).

Microsoft Information Disclosure Watchguard
NVD
EPSS 0% CVSS 8.5
HIGH PATCH This Week

Hard-coded cryptographic key in WatchGuard Agent for Windows enables local authenticated attackers to inject malicious code into existing agent processes, achieving high-impact confidentiality, integrity, and availability compromise. WatchGuard Agent versions prior to 1.25.03.0000 are affected. CVSS v4.0 score of 8.5 reflects local attack vector with low complexity and low privilege requirements, though no active exploitation (KEV) or public POC has been identified at time of analysis. The vulnerability's CWE-321 classification indicates embedded cryptographic material that could be extracted and reused for process injection attacks.

Microsoft Information Disclosure Watchguard
NVD
EPSS 0% CVSS 7.3
HIGH PATCH This Week

Privilege escalation in WatchGuard Agent for Windows allows authenticated local users to gain NT AUTHORITY\SYSTEM privileges via incorrect permissions in the patch management component. CVSS 7.3 with low attack complexity and local attack vector. No active exploitation or public exploit code identified at time of analysis. EPSS data not available - real-world risk depends on defender endpoint deployment environments where local user access is already established.

Microsoft Information Disclosure Watchguard
NVD
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Stack-based buffer overflow in WatchGuard Agent discovery service on Windows enables adjacent attackers without authentication to crash the agent via crafted network packets. CVSS 7.1 (High) reflects adjacent network attack vector with high integrity impact. The vulnerability targets the discovery service component used for agent enrollment and network communication. No CISA KEV listing or public exploit code identified at time of analysis, though the local network attack vector limits exposure to adjacent attackers.

Watchguard Stack Overflow Microsoft +1
NVD
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Stack-based buffer overflow in WatchGuard Agent's discovery service allows adjacent network attackers to crash the agent service without authentication. Affects Windows installations prior to version 1.25.03.0000. Vendor patch released addressing the vulnerability. SSVC framework indicates no active exploitation observed and manual exploitation required. While CVSS 7.1 (High) reflects network-adjacent access with high availability impact, actual risk is limited to denial-of-service - no code execution or data compromise possible per the CVSS vector (VC:N/VI:N/VA:H).

Watchguard Stack Overflow Microsoft +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Improper Privilege Management vulnerability in WatchGuard EPDR, Panda AD360 and Panda Dome on Windows (PSANHost.exe module) allows arbitrary file delete with SYSTEM permissions.00.23.0000; Panda. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Watchguard Microsoft
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Improper Handling of Exceptional Conditions vulnerability in the WatchGuard Single Sign-On Client on Windows causes the client to crash while handling malformed commands. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Watchguard Denial Of Service Microsoft +1
NVD
EPSS 1% CVSS 9.1
CRITICAL Act Now

Incorrect Authorization vulnerability in WatchGuard Authentication Gateway (aka Single Sign-On Agent) on Windows allows an attacker with network access to execute restricted management commands.10.2. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Watchguard Microsoft +1
NVD
EPSS 1% CVSS 9.1
CRITICAL Act Now

Incorrect Authorization vulnerability in the protocol communication between the WatchGuard Authentication Gateway (aka Single Sign-On Agent) on Windows and the WatchGuard Single Sign-On Client on. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Apple Watchguard +3
NVD
EPSS 1% CVSS 7.2
HIGH This Week

A buffer overflow in WatchGuard Fireware OS could may allow an authenticated remote attacker with privileged management access to execute arbitrary code with system privileges on the firewall.9.6. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Watchguard RCE +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A local privilege escalation vlnerability in the WatchGuard Mobile VPN with SSL client on Windows enables a local user to execute arbitrary commands with elevated privileged. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Watchguard Command Injection +2
NVD
EPSS 1% CVSS 7.8
HIGH This Week

Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in WatchGuard AuthPoint Password Manager on MacOS allows an a adversary with local access to execute. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Apple Watchguard Command Injection
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

An issue was discovered in WatchGuard EPDR 8.0.21.0002. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Watchguard Epp Firmware +3
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

An issue was discovered in WatchGuard EPDR 8.0.21.0002. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Watchguard Epp Firmware +3
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

An issue was discovered in WatchGuard EPDR 8.0.21.0002. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Watchguard Authentication Bypass Epp Firmware +3
NVD
EPSS 0% CVSS 7.8
HIGH This Week

An issue was discovered in WatchGuard EPDR 8.0.21.0002. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Watchguard Microsoft +4
NVD
EPSS 1% CVSS 5.4
MEDIUM This Month

A stored cross-site scripting (XSS) vulnerability exists in the management web interface of WatchGuard Firebox and XTM appliances. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Watchguard XSS Fireware
NVD
EPSS 0% CVSS 7.8
HIGH This Week

WatchGuard Firebox and XTM appliances allow a local attacker (that has already obtained shell access) to elevate their privileges and execute code with root permissions. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Watchguard Information Disclosure Fireware
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

An integer overflow in WatchGuard Firebox and XTM appliances allows an unauthenticated remote attacker to trigger a buffer overflow and potentially execute arbitrary code by sending a malicious. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Watchguard Buffer Overflow +2
NVD
EPSS 2% CVSS 7.5
HIGH POC This Week

WatchGuard Firebox and XTM appliances allow an unauthenticated remote attacker to retrieve sensitive authentication server settings by sending a malicious request to exposed authentication endpoints. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Watchguard Information Disclosure Fireware
NVD
EPSS 1% CVSS 9.1
CRITICAL Act Now

WatchGuard Firebox and XTM appliances allow an unauthenticated remote attacker to delete arbitrary files from a limited set of directories on the system. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Watchguard Information Disclosure Fireware
NVD
EPSS 78% CVSS 9.8
CRITICAL POC KEV THREAT Emergency

On WatchGuard Firebox and XTM appliances, an unauthenticated user can execute arbitrary code, aka FBX-22786. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Watchguard RCE Fireware
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

WatchGuard Firebox and XTM appliances allow an authenticated remote attacker with unprivileged credentials to modify privileged management user credentials. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Watchguard Memory Corruption Buffer Overflow +1
NVD
EPSS 1% CVSS 8.8
HIGH This Week

WatchGuard Firebox and XTM appliances allow an authenticated remote attacker with unprivileged credentials to upload files to arbitrary locations. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Watchguard File Upload Fireware
NVD
EPSS 2% CVSS 8.8
HIGH This Week

A systemd stack-based buffer overflow in WatchGuard Firebox and XTM appliances allows an authenticated remote attacker to potentially execute arbitrary code by initiating a firmware update with a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Watchguard Memory Corruption RCE +2
NVD
EPSS 2% CVSS 8.8
HIGH This Week

A wgagent stack-based buffer overflow in WatchGuard Firebox and XTM appliances allows an authenticated remote attacker to potentially execute arbitrary code by initiating a firmware update with a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Watchguard Memory Corruption RCE +2
NVD
EPSS 2% CVSS 8.8
HIGH This Week

An integer overflow in WatchGuard Firebox and XTM appliances allows an authenticated remote attacker to trigger a heap-based buffer overflow and potentially execute arbitrary code by initiating a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Watchguard Integer Overflow RCE +2
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

WatchGuard Firebox and XTM appliances allow an authenticated remote attacker with unprivileged credentials to retrieve certificate private keys. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Watchguard Information Disclosure Fireware
NVD
EPSS 13% CVSS 8.8
HIGH KEV THREAT This Week

WatchGuard Firebox and XTM appliances allow a remote attacker with unprivileged credentials to access the system with a privileged management session via exposed management access. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Watchguard Information Disclosure Fireware
NVD
EPSS 74% CVSS 9.8
CRITICAL Act Now

Nagios XI WatchGuard Wizard before version 1.4.8 is vulnerable to remote code execution through Improper neutralisation of special elements used in an OS Command (OS Command injection). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Watchguard RCE Command Injection +1
NVD
EPSS 3% CVSS 7.5
HIGH POC This Week

The AD Helper component in WatchGuard Fireware before 5.8.5.10317 allows remote attackers to discover cleartext passwords via the /domains/list URI. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Watchguard Information Disclosure Ad Helper Firmware
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

An issue was discovered on WatchGuard AP100, AP102, and AP200 devices with firmware before 1.2.9.15, and AP300 devices with firmware before 2.0.0.10. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Watchguard Authentication Bypass Ap200 Firmware +3
NVD
EPSS 7% CVSS 8.8
HIGH POC This Week

An issue was discovered on WatchGuard AP100, AP102, and AP200 devices with firmware before 1.2.9.15, and AP300 devices with firmware before 2.0.0.10. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Watchguard Ap200 Firmware +3
NVD Exploit-DB
EPSS 2% CVSS 7.8
HIGH POC This Week

An issue was discovered on WatchGuard AP100, AP102, and AP200 devices with firmware before 1.2.9.15. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Watchguard Ap200 Firmware +2
NVD Exploit-DB
EPSS 9% CVSS 9.8
CRITICAL POC Act Now

An issue was discovered on WatchGuard AP100, AP102, and AP200 devices with firmware before 1.2.9.15. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Watchguard Ap200 Firmware +2
NVD Exploit-DB
EPSS 1% CVSS 7.5
HIGH POC This Week

An FBX-5312 issue was discovered in WatchGuard Fireware before 12.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Watchguard Fireware
NVD
EPSS 0% CVSS 6.1
MEDIUM POC This Month

An FBX-5313 issue was discovered in WatchGuard Fireware before 12.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Watchguard Fireware
NVD
EPSS 11% CVSS 5.3
MEDIUM POC THREAT This Month

WatchGuard Fireware v11.12.1 and earlier mishandles requests referring to an XML External Entity (XXE), in the XML-RPC agent. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 11.4%.

Watchguard Denial Of Service XXE +1
NVD
EPSS 0% CVSS 5.3
MEDIUM POC This Month

WatchGuard Fireware allows user enumeration, e.g., in the Firebox XML-RPC login handler. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Watchguard Information Disclosure Fireware
NVD
EPSS 0% CVSS 7.8
HIGH POC This Week

WatchGuard RapidStream appliances allow local users to gain privileges and execute arbitrary commands via a crafted ifconfig command, aka ESCALATEPLOWMAN. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Watchguard Privilege Escalation Rapidstream
NVD Exploit-DB
EPSS 72% 5.0 CVSS 6.5
MEDIUM POC THREAT This Month

Watchguard XCS 9.2 and 10.0 before build 150522 allow remote authenticated users to execute arbitrary commands via shell metacharacters in the id parameter to ADMIN/mailqueue.spl. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 72.5%.

Command Injection Watchguard Xcs
NVD Exploit-DB
EPSS 37% 4.1 CVSS 7.5
HIGH POC THREAT Act Now

SQL injection vulnerability in Watchguard XCS 9.2 and 10.0 before build 150522 allows remote attackers to execute arbitrary SQL commands via the sid cookie, as demonstrated by a request to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 36.7%.

Watchguard SQLi Xcs
NVD Exploit-DB
EPSS 3% CVSS 4.3
MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in the firewall policy management pages in WatchGuard Fireware XTM before 11.8.3 allow remote attackers to inject arbitrary web script or HTML via. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Watchguard Fireware
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy