CVE-2021-26102
published 2024-12-19CVE-2021-26102: A relative path traversal vulnerability (CWE-23) in FortiWAN version 4.5.7 and below, 4.4 all versions may allow a remote non-authenticated attacker to delete…
critical9.1CVSS 3.1
AVNACLPRNUINSUCNIHAH
A relative path traversal vulnerability (CWE-23) in FortiWAN version 4.5.7 and below, 4.4 all versions may allow a remote non-authenticated attacker to delete files on the system by sending a crafted POST request. In particular, deleting specific configuration files will reset the Admin password to its default value.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| fortinet | fortiwan | — | — |
| fortinet | fortiwan | >= 4.4.0 < 4.5.8 | 4.5.8 |
| fortinet | fortiwan | 4.4.0 – 4.4.1 | — |
| fortinet | fortiwan | 4.5.0 – 4.5.7 | — |