~/products/fortinet/fortiap

pipeline liveDigest Docs

Fortinet Fortiap vulnerabilities

13 known vulnerabilities affecting fortinet/fortiap.

Total CVEs

13

CISA KEV

0

Public exploits

0

Exploited in wild

0

Severity breakdown

HIGH7MEDIUM6

Vulnerabilities

Page 1 of 1

CVE-2025-53680MEDIUMCVSS 6.7≥ 6.4.0, < 7.4.6≥ 7.6.0, < 7.6.3+5 more2026-05-12

CVE-2025-53680 [MEDIUM] CWE-78 CVE-2025-53680: An improper neutralization of special elements used in an OS command ("OS Command Injection") vulner An improper neutralization of special elements used in an OS command ("OS Command Injection") vulnerability [CWE-78] vulnerability in Fortinet FortiAP 7.6.0 through 7.6.2, FortiAP 7.4.0 through 7.4.5, FortiAP 7.2 all versions, FortiAP 7.0 all versions, FortiAP 6.4 all versions, FortiAP-U 7.0.0 through 7.0.5, FortiAP-U 6.2 all versions, FortiAP-W2 7.4

CVE-2025-53870MEDIUMCVSS 6.7≥ 6.4.0, < 7.4.6≥ 7.6.0, < 7.6.3+5 more2026-05-12

CVE-2025-53870 [MEDIUM] CWE-78 CVE-2025-53870: An improper neutralization of special elements used in an os command ('os command injection') vulner An improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiAP 7.6.0 through 7.6.2, FortiAP 7.4.0 through 7.4.5, FortiAP 7.2 all versions, FortiAP 7.0 all versions, FortiAP 6.4 all versions, FortiAP-W2 7.4.0 through 7.4.4, FortiAP-W2 7.2 all versions, FortiAP-W2 7.0 all versions may all

CVE-2021-22126MEDIUMCVSS 6.72025-03-17

CVE-2021-22126 [MEDIUM] CWE-284 A use of hard-coded password vulnerability in FortiWLC version 8.5.2 and below, version 8.4.8 and below, version 8.3.3 t... FG-IR-20-147: A use of hard-coded password vulnerability in FortiWLC version 8.5.2 and below, version 8.4.8 and below, version 8.3.3 t... A use of hard-coded password vulnerability in FortiWLC version 8.5.2 and below, version 8.4.8 and below, version 8.3.3 to 8.3.2, version 8.2.7 to 8.2.6 may allow a local, authenticated attacker to connect

CVE-2024-26012HIGHCVSS 7.8≥ 6.4.1, < 7.2.4≥ 7.4.0, < 7.4.3+4 more2025-01-14

CVE-2024-26012 [HIGH] CWE-78 CVE-2024-26012: A improper neutralization of special elements used in an os command ('os command injection') in Fort A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiAP-S 6.2 all verisons, and 6.4.0 through 6.4.9, FortiAP-W2 6.4 all versions, 7.0 all versions, 7.2.0 through 7.2.3, and 7.4.0 through 7.4.2, FortiAP 6.4 all versions, 7.0 all versions, 7.2.0 through 7.2.3, and 7.4.0 through 7.4.2 allow a local

CVE-2023-36634HIGHCVSS 7.12023-09-13

CVE-2023-36634 [HIGH] CWE-73 Arbitrary file listing and deletion through the CLI FG-IR-23-123: Arbitrary file listing and deletion through the CLI An incomplete filtering of one or more instances of special elements vulnerability [CWE-792] in the command line interpreter of FortiAP-U 7.0.0, 6.2.0 through 6.2.5, 6.0 all versions, 5.4 all versions may allow an authenticated attacker to list and delete arbitrary files and directory via specially crafted command arguments. CVEs: CVE-2023-36634 CW

CVE-2023-25608MEDIUMCVSS 6.5≥ 6.0.0, < 7.0.6≥ 7.2.0, < 7.2.2+4 more2023-09-13

CVE-2023-25608 [MEDIUM] CWE-792 CVE-2023-25608: An incomplete filtering of one or more instances of special elements vulnerability [CWE-792] in the An incomplete filtering of one or more instances of special elements vulnerability [CWE-792] in the command line interpreter of FortiAP-W2 7.2.0 through 7.2.1, 7.0.3 through 7.0.5, 7.0.0 through 7.0.1, 6.4 all versions, 6.2 all versions, 6.0 all versions; FortiAP-C 5.4.0 through 5.4.4, 5.2 all versions; FortiAP 7.2.0 through 7.2.1, 7.0.0 through 7.0.

CVE-2022-29058HIGHCVSS 7.8≥ 6.0.0, ≤ 6.0.6≥ 6.4.3, < 6.4.8+2 more2022-09-06

CVE-2022-29058 [HIGH] CWE-89 CVE-2022-29058: An improper neutralization of special elements [CWE-89] used in an OS command vulnerability [CWE-78] An improper neutralization of special elements [CWE-89] used in an OS command vulnerability [CWE-78] in the command line interpreter of FortiAP 6.0.0 through 6.4.7, 7.0.0 through 7.0.3, 7.2.0, FortiAP-S 6.0.0 through 6.4.7, FortiAP-W2 6.0.0 through 6.4.7, 7.0.0 through 7.0.3, 7.2.0 and FortiAP-U 5.4.0 through 6.2.3 may allow an authenticated attacker t

CVE-2022-30301HIGHCVSS 7.82022-07-19

CVE-2022-30301 [HIGH] CWE-22 Relative path traversal vulnerability in CLI FG-IR-22-109: Relative path traversal vulnerability in CLI A path traversal vulnerability [CWE-22] in FortiAP-U CLI 6.2.0 through 6.2.3, 6.0.0 through 6.0.4, 5.4.0 through 5.4.6 may allow an admin user to delete and access unauthorized files and data via specifically crafted CLI commands. CVEs: CVE-2022-30301 CWEs: CWE-22 CVSS: 7.8 (high) Affected products: FortiAP, FortiAp-u

CVE-2022-22301HIGHCVSS 7.82022-03-02

CVE-2022-22301 [HIGH] CWE-78 An improper neutralization of special elements used in an OS Command vulnerability [CWE-78] in FortiAP-C console 5.4.0 t... FG-IR-21-227: An improper neutralization of special elements used in an OS Command vulnerability [CWE-78] in FortiAP-C console 5.4.0 t... An improper neutralization of special elements used in an OS Command vulnerability [CWE-78] in FortiAP-C console 5.4.0 through 5.4.3, 5.2.0 through 5.2.1 may allow an authenticated attacker to execute unautho

CVE-2021-26106HIGHCVSS 7.8≥ 6.4.1, < 6.4.62021-07-09

CVE-2021-26106 [HIGH] CWE-78 CVE-2021-26106: An improper neutralization of special elements used in an OS Command vulnerability in FortiAP's cons An improper neutralization of special elements used in an OS Command vulnerability in FortiAP's console 6.4.1 through 6.4.5 and 6.2.4 through 6.2.5 may allow an authenticated attacker to execute unauthorized commands by running the kdbg CLI command with specifically crafted arguments.

CVE-2019-15709MEDIUMCVSS 6.52020-06-01

CVE-2019-15709 [MEDIUM] CWE-20 An improper input validation in FortiAP-S/W2 6.2.0 to 6.2.2, 6.0.5 and below, FortiAP-U 6.0.1 and below CLI admin consol... FG-IR-19-298: An improper input validation in FortiAP-S/W2 6.2.0 to 6.2.2, 6.0.5 and below, FortiAP-U 6.0.1 and below CLI admin consol... An improper input validation in FortiAP-S/W2 6.2.0 to 6.2.2, 6.0.5 and below, FortiAP-U 6.0.1 and below CLI admin console may allow unauthorized administrators to overwrite system files via specially crafte

CVE-2019-17657HIGHCVSS 7.52020-04-07

CVE-2019-17657 [HIGH] CWE-400 An Uncontrolled Resource Consumption vulnerability in Fortinet FortiSwitch below 3.6.11, 6.0.6 and 6.2.2, FortiAnalyzer... FG-IR-19-013: An Uncontrolled Resource Consumption vulnerability in Fortinet FortiSwitch below 3.6.11, 6.0.6 and 6.2.2, FortiAnalyzer... An Uncontrolled Resource Consumption vulnerability in Fortinet FortiSwitch below 3.6.11, 6.0.6 and 6.2.2, FortiAnalyzer below 6.2.3, FortiManager below 6.2.3 and FortiAP-S/W2 below 6.2.2 may allow an attacker

CVE-2019-15708MEDIUMCVSS 6.7≤ 6.0.52020-03-15

CVE-2019-15708 [MEDIUM] CWE-78 CVE-2019-15708: A system command injection vulnerability in the FortiAP-S/W2 6.2.1, 6.2.0, 6.0.5 and below, FortiAP A system command injection vulnerability in the FortiAP-S/W2 6.2.1, 6.2.0, 6.0.5 and below, FortiAP 6.0.5 and below and FortiAP-U below 6.0.0 under CLI admin console may allow unauthorized administrators to run arbitrary system level commands via specially crafted ifconfig commands.