CVE-2021-22126
published 2025-03-17CVE-2021-22126: A use of hard-coded password vulnerability in FortiWLC version 8.5.2 and below, version 8.4.8 and below, version 8.3.3 to 8.3.2, version 8.2.7 to 8.2.6 may…
medium6.7CVSS 3.1
AVLACLPRHUINSUCHIHAH
A use of hard-coded password vulnerability in FortiWLC version 8.5.2 and below, version 8.4.8 and below, version 8.3.3 to 8.3.2, version 8.2.7 to 8.2.6 may allow a local, authenticated attacker to connect to the managed Access Point (Meru AP and FortiAP-U) as root using the default hard-coded username and password.
Affected
12 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| fortinet | fortiap | — | — |
| fortinet | fortiwlc | — | — |
| fortinet | fortiwlc | — | — |
| fortinet | fortiwlc | — | — |
| fortinet | fortiwlc | — | — |
| fortinet | fortiwlc | — | — |
| fortinet | fortiwlc | 8.2.6 – 8.2.7 | — |
| fortinet | fortiwlc | 8.3.2 – 8.3.3 | — |
| fortinet | fortiwlc | >= 8.4.0 < 8.5.3 | 8.5.3 |
| fortinet | fortiwlc | 8.4.0 – 8.4.2 | — |
| fortinet | fortiwlc | 8.4.4 – 8.4.8 | — |
| fortinet | fortiwlc | 8.5.0 – 8.5.2 | — |