VYPR
Vendor

WatchGuard

WatchGuard Technologies, Inc, is an American cybersecurity company based in Seattle, Washington. It specializes in network security solutions aimed at safeguarding computer networks from external threats such as malware and ransomware.

Founded 1996
Products
41
CVEs
120
Across products
144
Status
Private

Products

41
View all 41 products →

Recent CVEs

120
View all 120 CVEs →
  • CVE-2018-10575CriApr 30, 2018
    risk 0.67cvss 9.8epss 0.09

    An issue was discovered on WatchGuard AP100, AP102, and AP200 devices with firmware before 1.2.9.15. Hardcoded credentials exist for an unprivileged SSH account with a shell of /bin/false.

  • CVE-2018-10578CriMay 2, 2018
    risk 0.64cvss 9.8epss 0.01

    An issue was discovered on WatchGuard AP100, AP102, and AP200 devices with firmware before 1.2.9.15, and AP300 devices with firmware before 2.0.0.10. Incorrect validation of the "old password" field in the change password form allows an attacker to bypass validation of this…

  • CVE-2018-10577HigMay 2, 2018
    risk 0.61cvss 8.8epss 0.07

    An issue was discovered on WatchGuard AP100, AP102, and AP200 devices with firmware before 1.2.9.15, and AP300 devices with firmware before 2.0.0.10. File upload functionality allows any users authenticated on the web interface to upload files containing code to the web root,…

  • CVE-2015-2878HigOct 23, 2017
    risk 0.61cvss 8.8epss 0.04

    Multiple cross-site request forgery (CSRF) vulnerabilities in Hexis HawkEye G 3.0.1.4912 allow remote attackers to hijack the authentication of administrators for requests that (1) add arbitrary accounts via the name parameter to interface/rest/accounts/json; turn off the (2)…

  • CVE-2025-4106HigOct 24, 2025
    risk 0.58cvss epss 0.00

    An authenticated admin user with access to both the management WebUI and command line interface on a Firebox can enable a diagnostic debug shell by uploading a platform and version-specific diagnostic package and executing a leftover diagnostic command. This issue affects…

  • CVE-2026-3987HigApr 1, 2026
    risk 0.56cvss epss 0.01

    A path traversal vulnerability in the Fireware OS Web UI on WatchGuard Firebox systems may allow a privileged authenticated remote attacker to execute arbitrary code in the context of an elevated system process.This issue affects Fireware OS 12.6.1 up to and including 12.11.8…

  • CVE-2018-10576HigApr 30, 2018
    risk 0.54cvss 7.8epss 0.02

    An issue was discovered on WatchGuard AP100, AP102, and AP200 devices with firmware before 1.2.9.15. Improper authentication handling by the native Access Point web UI allows authentication using a local system account (instead of the dedicated web-only user).

  • CVE-2016-7089HigAug 24, 2016
    risk 0.54cvss 7.8epss 0.01

    WatchGuard RapidStream appliances allow local users to gain privileges and execute arbitrary commands via a crafted ifconfig command, aka ESCALATEPLOWMAN.

  • CVE-2016-3943HigApr 18, 2016
    risk 0.54cvss 7.8epss 0.01

    Panda Endpoint Administration Agent before 7.50.00, as used in Panda Security for Business products for Windows, uses a weak ACL for the Panda Security/WaAgent directory and sub-directories, which allows local users to gain SYSTEM privileges by modifying an executable module.

  • CVE-2015-7378HigApr 18, 2016
    risk 0.54cvss 7.8epss 0.01

    Panda Security URL Filtering before 4.3.1.9 uses a weak ACL for the "Panda Security URL Filtering" directory and installed files, which allows local users to gain SYSTEM privileges by modifying Panda_URL_Filteringb.exe.

  • CVE-2026-6788HigMay 6, 2026
    risk 0.51cvss 7.8epss 0.00

    Uncontrolled Search Path Element vulnerability in WatchGuard Agent on Windows allows Using Malicious Files.This issue affects WatchGuard Agent before 1.25.03.0000.

  • CVE-2026-6787HigMay 6, 2026
    risk 0.51cvss 7.8epss 0.00

    Use of Hard-coded Cryptographic Key vulnerability in WatchGuard Agent on Windows allows Inclusion of Code in Existing Process.This issue affects WatchGuard Agent: before 1.25.03.0000.

  • CVE-2026-41288HigMay 6, 2026
    risk 0.51cvss 7.8epss 0.00

    Incorrect permission assignment for a resource in the patch management component of the WatchGuard Agent on Windows allows an authenticated local user to elevate their privileges to NT AUTHORITY\\SYSTEM.

  • CVE-2025-57624HigSep 16, 2025
    risk 0.51cvss 7.8epss 0.00

    A DLL hijacking vulnerability in CYRISMA Agent before 444 allows local users to escalate privileges and execute arbitrary code via multiple DLLs.

  • CVE-2025-24864HigMar 6, 2025
    risk 0.51cvss 7.8epss 0.00

    Incorrect access permission of a specific folder issue exists in RemoteView Agent (for Windows) versions prior to v8.1.5.2. If this vulnerability is exploited, a non-administrative user on the remote PC may execute an arbitrary OS command with LocalSystem privilege.

  • CVE-2024-8424HigNov 8, 2024
    risk 0.51cvss 7.8epss 0.00

    Improper Privilege Management vulnerability in WatchGuard EPDR, Panda AD360 and Panda Dome on Windows (PSANHost.exe module) allows arbitrary file delete with SYSTEM permissions. This issue affects EPDR: before 8.00.23.0000; Panda AD360: before 8.00.23.0000; Panda Dome: before…

  • CVE-2024-1417HigMay 16, 2024
    risk 0.51cvss 7.8epss 0.01

    Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in WatchGuard AuthPoint Password Manager on MacOS allows an a adversary with local access to execute code under the context of the AuthPoint Password Manager application. This issue…

  • CVE-2017-14616HigSep 20, 2017
    risk 0.49cvss 7.5epss 0.02

    An FBX-5312 issue was discovered in WatchGuard Fireware before 12.0. If a login attempt is made in the XML-RPC interface with an XML message containing an empty member element, the wgagent crashes, logging out any user with a session opened in the UI. By continuously executing…

  • CVE-2025-27237HigOct 3, 2025
    risk 0.47cvss epss 0.00

    In Zabbix Agent and Agent 2 on Windows, the OpenSSL configuration file is loaded from a path writable by low-privileged users, allowing malicious modification and potential local privilege escalation by injecting a DLL.

  • CVE-2026-1498HigJan 30, 2026
    risk 0.46cvss epss 0.01

    An LDAP Injection vulnerability in WatchGuard Fireware OS may allow a remote unauthenticated attacker to retrieve sensitive information from a connected LDAP authentication server through an exposed authentication or management web interface. This vulnerability may also allow a…