Fortinet FortiWLC Hard-Coded Password Vulnerability Allowing Root Access on Managed Access Points

Vulnerability

A vulnerability exists in Fortinet FortiWLC versions 8.5.2 and prior, 8.4.8 and prior, 8.3.3 to 8.3.2, and 8.2.7 to 8.2.6. This vulnerability involves the use of hard-coded passwords, which may enable a local, authenticated attacker to connect to managed Access Points (Meru AP and FortiAP-U) as root, using the default hard-coded username and password.

Impact

Exploitation of this vulnerability allows local, authenticated attackers to gain root access on managed Access Points.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

2.6

impact

7.5

exploitability

3.5

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

2.6

impact

7.5

exploitability

3.5

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Fortinet FortiWLC Hard-Coded Password Vulnerability Allowing Root Access on Managed Access Points

Vulnerability

Impact

Affected Products

Fortinet FortiWLC

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating