Fireware
by WatchGuard
CVEs (50)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-4315 | 0.00 | — | 0.00 | Mar 30, 2026 | A Cross-Site Request Forgery (CSRF) vulnerability in the WatchGuard Fireware OS WebUI could allow a remote attacker to trigger a denial-of-service (DoS) condition in the Fireware Web UI by convincing an authenticated administrator into visiting a malicious web page.This issue… | |||
| CVE-2026-4266 | 0.00 | — | 0.00 | Mar 30, 2026 | An Insecure Deserialization vulnerability in WatchGuard Fireware OS allows an attacker that has obtained write access to the local filesystem through another vulnerability to execute arbitrary code in the context of the portald user.This issue affects Fireware OS: 12.1 through… | |||
| CVE-2026-3344 | 0.00 | — | 0.00 | Mar 3, 2026 | A vulnerability in WatchGuard Fireware OS may allow an attacker to bypass the Fireware OS filesystem integrity check and maintain limited persistence via a maliciously-crafted firmware update package.This issue affects Fireware OS 12.0 up to and including 12.11.7, 12.5.9 up to… | |||
| CVE-2026-3343 | 0.00 | — | 0.00 | Mar 3, 2026 | A reflected cross-site scripting (XSS) vulnerability in the Fireware OS Web UI enabled execution of malicious JavaScript in the context of an authenticated management user's browser when they click on a specially crafted link. This vulnerability affects Fireware OS 12.7 up to… | |||
| CVE-2026-3342 | 0.00 | — | 0.01 | Mar 3, 2026 | An Out-of-bounds Write vulnerability in WatchGuard Fireware OS may allow an authenticated privileged administrator to execute arbitrary code with root permissions via an exposed management interface. This vulnerability affects Fireware OS 11.9 up to and including… | |||
| CVE-2025-1547 | 0.00 | — | 0.00 | Dec 4, 2025 | A stack-based buffer overflow vulnerability [CWE-121] in WatchGuard Fireware OS's certificate request command could allow an authenticated privileged user to execute arbitrary code via specially crafted CLI commands.This issue affects Fireware OS: from 12.0 through… | |||
| CVE-2025-6946 | 0.00 | — | 0.00 | Dec 4, 2025 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS allows Stored XSS via the IPS module. This vulnerability requires an authenticated administrator session to a locally managed Firebox. This issue… | |||
| CVE-2025-1545 | 0.00 | — | 0.00 | Dec 4, 2025 | An XPath Injection vulnerability in WatchGuard Fireware OS may allow a remote unauthenticated attacker to retrieve sensitive information from the Firebox configuration through an exposed authentication or management web interface. This vulnerability only affects Firebox systems… | |||
| CVE-2025-11838 | 0.00 | — | 0.00 | Dec 4, 2025 | A memory corruption vulnerability in WatchGuard Fireware OS may allow an unauthenticated attacker to trigger a Denial of Service (DoS) condition in the Mobile User VPN with IKEv2 and the Branch Office VPN using IKEv2 when configured with a dynamic gateway peer. This… | |||
| CVE-2025-13940 | 0.00 | — | 0.00 | Dec 4, 2025 | An Expected Behavior Violation [CWE-440] vulnerability in WatchGuard Fireware OS may allow an attacker to bypass the Fireware OS boot time system integrity check and prevent the Firebox from shutting down in the event of a system integrity check failure. The on-demand system… | |||
| CVE-2025-13939 | 0.00 | — | 0.00 | Dec 4, 2025 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS (Gateway Wireless Controller module) allows Stored XSS.This issue affects Fireware OS 11.7.2 up to and including 11.12.4+541730, 12.0 up to and… | |||
| CVE-2025-13938 | 0.00 | — | 0.00 | Dec 4, 2025 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS (Autotask Technology Integration module) allows Stored XSS.This issue affects Fireware OS 12.4 up to and including 12.11.4, 12.5 up to and… | |||
| CVE-2025-13937 | 0.00 | — | 0.00 | Dec 4, 2025 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS (ConnectWise Technology Integration module) allows Stored XSS.This issue affects Fireware OS 12.4 up to and including 12.11.4, 12.5 up to and… | |||
| CVE-2025-13936 | 0.00 | — | 0.00 | Dec 4, 2025 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS (Tigerpaw Technology Integration module) allows Stored XSS.This issue affects Fireware OS 12.4 up to and including 12.11.4, 12.5 up to and… | |||
| CVE-2025-12196 | 0.00 | — | 0.01 | Dec 4, 2025 | An Out-of-bounds Write vulnerability in WatchGuard Fireware OS's CLI could allow an authenticated privileged user to execute arbitrary code via a specially crafted CLI command.This vulnerability affects Fireware OS 12.0 up to and including 12.11.4, 12.5 up to and including… | |||
| CVE-2025-12195 | 0.00 | — | 0.01 | Dec 4, 2025 | An Out-of-bounds Write vulnerability in WatchGuard Fireware OS's CLI could allow an authenticated privileged user to execute arbitrary code via specially crafted IPSec configuration CLI commands.This vulnerability affects Fireware OS 11.0 up to and including 11.12.4+541730,… | |||
| CVE-2025-12026 | 0.00 | — | 0.00 | Dec 4, 2025 | An Out-of-bounds Write vulnerability in WatchGuard Fireware OS’s certificate request command could allow an authenticated privileged user to execute arbitrary code via specially crafted CLI commands.This vulnerability affects Fireware OS 12.0 up to and including 12.11.4, 12.5… | |||
| CVE-2025-0178 | 0.00 | — | 0.00 | Feb 14, 2025 | Improper Input Validation vulnerability in WatchGuard Fireware OS allows an attacker to manipulate the value of the HTTP Host header in requests sent to the Web UI. An attacker could exploit this vulnerability to redirect users to malicious websites, poison the web cache, or… | |||
| CVE-2025-1071 | 0.00 | — | 0.00 | Feb 14, 2025 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS allows Stored XSS via the spamBlocker module. This vulnerability requires an authenticated administrator session to a locally managed Firebox.This… | |||
| CVE-2022-31789 | 0.00 | — | 0.01 | Sep 6, 2022 | An integer overflow in WatchGuard Firebox and XTM appliances allows an unauthenticated remote attacker to trigger a buffer overflow and potentially execute arbitrary code by sending a malicious request to exposed management ports. This is fixed in Fireware OS 12.8.1, 12.5.10,… |
- CVE-2026-4315Mar 30, 2026risk 0.00cvss —epss 0.00
A Cross-Site Request Forgery (CSRF) vulnerability in the WatchGuard Fireware OS WebUI could allow a remote attacker to trigger a denial-of-service (DoS) condition in the Fireware Web UI by convincing an authenticated administrator into visiting a malicious web page.This issue…
- CVE-2026-4266Mar 30, 2026risk 0.00cvss —epss 0.00
An Insecure Deserialization vulnerability in WatchGuard Fireware OS allows an attacker that has obtained write access to the local filesystem through another vulnerability to execute arbitrary code in the context of the portald user.This issue affects Fireware OS: 12.1 through…
- CVE-2026-3344Mar 3, 2026risk 0.00cvss —epss 0.00
A vulnerability in WatchGuard Fireware OS may allow an attacker to bypass the Fireware OS filesystem integrity check and maintain limited persistence via a maliciously-crafted firmware update package.This issue affects Fireware OS 12.0 up to and including 12.11.7, 12.5.9 up to…
- CVE-2026-3343Mar 3, 2026risk 0.00cvss —epss 0.00
A reflected cross-site scripting (XSS) vulnerability in the Fireware OS Web UI enabled execution of malicious JavaScript in the context of an authenticated management user's browser when they click on a specially crafted link. This vulnerability affects Fireware OS 12.7 up to…
- CVE-2026-3342Mar 3, 2026risk 0.00cvss —epss 0.01
An Out-of-bounds Write vulnerability in WatchGuard Fireware OS may allow an authenticated privileged administrator to execute arbitrary code with root permissions via an exposed management interface. This vulnerability affects Fireware OS 11.9 up to and including…
- CVE-2025-1547Dec 4, 2025risk 0.00cvss —epss 0.00
A stack-based buffer overflow vulnerability [CWE-121] in WatchGuard Fireware OS's certificate request command could allow an authenticated privileged user to execute arbitrary code via specially crafted CLI commands.This issue affects Fireware OS: from 12.0 through…
- CVE-2025-6946Dec 4, 2025risk 0.00cvss —epss 0.00
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS allows Stored XSS via the IPS module. This vulnerability requires an authenticated administrator session to a locally managed Firebox. This issue…
- CVE-2025-1545Dec 4, 2025risk 0.00cvss —epss 0.00
An XPath Injection vulnerability in WatchGuard Fireware OS may allow a remote unauthenticated attacker to retrieve sensitive information from the Firebox configuration through an exposed authentication or management web interface. This vulnerability only affects Firebox systems…
- CVE-2025-11838Dec 4, 2025risk 0.00cvss —epss 0.00
A memory corruption vulnerability in WatchGuard Fireware OS may allow an unauthenticated attacker to trigger a Denial of Service (DoS) condition in the Mobile User VPN with IKEv2 and the Branch Office VPN using IKEv2 when configured with a dynamic gateway peer. This…
- CVE-2025-13940Dec 4, 2025risk 0.00cvss —epss 0.00
An Expected Behavior Violation [CWE-440] vulnerability in WatchGuard Fireware OS may allow an attacker to bypass the Fireware OS boot time system integrity check and prevent the Firebox from shutting down in the event of a system integrity check failure. The on-demand system…
- CVE-2025-13939Dec 4, 2025risk 0.00cvss —epss 0.00
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS (Gateway Wireless Controller module) allows Stored XSS.This issue affects Fireware OS 11.7.2 up to and including 11.12.4+541730, 12.0 up to and…
- CVE-2025-13938Dec 4, 2025risk 0.00cvss —epss 0.00
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS (Autotask Technology Integration module) allows Stored XSS.This issue affects Fireware OS 12.4 up to and including 12.11.4, 12.5 up to and…
- CVE-2025-13937Dec 4, 2025risk 0.00cvss —epss 0.00
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS (ConnectWise Technology Integration module) allows Stored XSS.This issue affects Fireware OS 12.4 up to and including 12.11.4, 12.5 up to and…
- CVE-2025-13936Dec 4, 2025risk 0.00cvss —epss 0.00
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS (Tigerpaw Technology Integration module) allows Stored XSS.This issue affects Fireware OS 12.4 up to and including 12.11.4, 12.5 up to and…
- CVE-2025-12196Dec 4, 2025risk 0.00cvss —epss 0.01
An Out-of-bounds Write vulnerability in WatchGuard Fireware OS's CLI could allow an authenticated privileged user to execute arbitrary code via a specially crafted CLI command.This vulnerability affects Fireware OS 12.0 up to and including 12.11.4, 12.5 up to and including…
- CVE-2025-12195Dec 4, 2025risk 0.00cvss —epss 0.01
An Out-of-bounds Write vulnerability in WatchGuard Fireware OS's CLI could allow an authenticated privileged user to execute arbitrary code via specially crafted IPSec configuration CLI commands.This vulnerability affects Fireware OS 11.0 up to and including 11.12.4+541730,…
- CVE-2025-12026Dec 4, 2025risk 0.00cvss —epss 0.00
An Out-of-bounds Write vulnerability in WatchGuard Fireware OS’s certificate request command could allow an authenticated privileged user to execute arbitrary code via specially crafted CLI commands.This vulnerability affects Fireware OS 12.0 up to and including 12.11.4, 12.5…
- CVE-2025-0178Feb 14, 2025risk 0.00cvss —epss 0.00
Improper Input Validation vulnerability in WatchGuard Fireware OS allows an attacker to manipulate the value of the HTTP Host header in requests sent to the Web UI. An attacker could exploit this vulnerability to redirect users to malicious websites, poison the web cache, or…
- CVE-2025-1071Feb 14, 2025risk 0.00cvss —epss 0.00
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS allows Stored XSS via the spamBlocker module. This vulnerability requires an authenticated administrator session to a locally managed Firebox.This…
- CVE-2022-31789Sep 6, 2022risk 0.00cvss —epss 0.01
An integer overflow in WatchGuard Firebox and XTM appliances allows an unauthenticated remote attacker to trigger a buffer overflow and potentially execute arbitrary code by sending a malicious request to exposed management ports. This is fixed in Fireware OS 12.8.1, 12.5.10,…
Page 2 of 3