Main Vulnerability Database Exploits ID:7125 - Exploit for Improper Authentication in FortiWAN - CVE-2021-26102

ID:7125 - Exploit for Improper Authentication in FortiWAN - CVE-2021-26102

Published: December 9, 2021

Vulnerability identifier: #VU52680

Vulnerability risk: High

CVE-ID: CVE-2021-26102

CWE-ID: CWE-287

Exploitation vector: Remote access

Vulnerable software:
FortiWAN

Link to public exploit:

https://github.com/SleepyCofe/CVE-2021-26102

Vulnerability description

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists due to an error in the authentication process. A remote non-authenticated attacker can send a specially crafted HTTP POST request and delete arbitrary files on the system using directory traversal sequences. In particular, deleting specific configuration files will reset the Admin password to its default value.

Successful exploitation of the vulnerability may allow an attacker to gain full access to the affected system.

Remediation

Install updates from vendor's website.

ID:7125 - Exploit for Improper Authentication in FortiWAN - CVE-2021-26102

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human