Fortinet Fortiwlc vulnerabilities

CVE-2021-42758 [HIGH] CWE-863 CVE-2021-42758: An improper access control vulnerability [CWE-284] in FortiWLC 8.6.1 and below may allow an authenti An improper access control vulnerability [CWE-284] in FortiWLC 8.6.1 and below may allow an authenticated and remote attacker with low privileges to execute any command as an admin user with full access rights via bypassing the GUI restrictions.

CVE-2020-9288 [MEDIUM] CWE-79 CVE-2020-9288: An improper neutralization of input vulnerability in FortiWLC 8.5.1 allows a remote authenticated at An improper neutralization of input vulnerability in FortiWLC 8.5.1 allows a remote authenticated attacker to perform a stored cross site scripting attack (XSS) via the ESS profile or the Radius Profile.

CVE-2016-8491 [CRITICAL] CWE-798 CVE-2016-8491: The presence of a hardcoded account named 'core' in Fortinet FortiWLC allows attackers to gain unaut The presence of a hardcoded account named 'core' in Fortinet FortiWLC allows attackers to gain unauthorized read/write access via a remote shell.