CVE-2021-22126

CWE-284Improper Access ControlCWE-798Hard-coded Credentials4 documents4 sources
Severity
6.7MEDIUM
EPSS
0.0%
top 93.04%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Fortinet Fortiwlc
Timeline
PublishedMar 17

Description

A use of hard-coded password vulnerability in FortiWLC version 8.5.2 and below, version 8.4.8 and below, version 8.3.3 to 8.3.2, version 8.2.7 to 8.2.6 may allow a local, authenticated attacker to connect to the managed Access Point (Meru AP and FortiAP-U) as root using the default hard-coded username and password.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.8 | Impact: 5.9

Affected Packages2 packages

NVDfortinet/fortiwlc8.4.08.5.3+4
CVEListV5fortinet/fortiwlc8.5.08.5.2+4

🔴Vulnerability Details

2
GHSA
GHSA-6qvm-8hqf-vwf3: A use of hard-coded password vulnerability in FortiWLC version 82025-03-17
CVEList
CVE-2021-22126: A use of hard-coded password vulnerability in FortiWLC version 82025-03-17

📋Vendor Advisories

1
Fortinet
A use of hard-coded password vulnerability in FortiWLC version 8.5.2 and below, version 8.4.8 and below, version 8.3.3 t...2025-03-17
CVE-2021-22126 (MEDIUM CVSS 6.7) | A use of hard-coded password vulner | cvebase.io