An issue was discovered on WatchGuard AP100, AP102, and AP200 devices with firmware before 1.2.9.15. Improper authentication handling by the native Access Point web UI allows authentication using a local system account (instead of the dedicated web-only user).
Conclusion & alert: CVE-2018-10576 is rated High Exploit Risk (72.4/100): CVSS High severity, with medium exploitation likelihood (EPSS 1.52%). Core evidence: 1 public exploit reference(s) are indexed (Exploit-DB). EPSS rose +1.27% over the last day, indicating growing attacker interest. Mandatory action: Public exploits are available—assess exposure, apply mitigations, and prioritize patching.
Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.
| EDB-ID | Source | Kind | Published | Link |
|---|---|---|---|---|
| 45409 | exploit_db | edb | 2018-09-14 | Exploit-DB ↗ |
EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).
| # | Date | Old EPSS score | New EPSS score | Delta (New - Old) |
|---|---|---|---|---|
| 1 | 2026-06-15 | 0.25% | 1.52% | +1.27% |
| 2 | 2025-11-21 | 0.23% | 0.25% | +0.02% |
| 3 | 2025-11-18 | — | 0.23% | — |
Full EPSS history (10 records total)
CVSS metrics for this CVE.
| Base score | Version | Severity | Vector | Exploitability | Impact | Score source |
|---|---|---|---|---|---|---|
| 7.8 | 3.0 | HIGH |
|
1.8 | 5.9 | [email protected] |
| 4.6 | 2.0 | MEDIUM |
|
3.9 | 6.4 | [email protected] |
| Vendor | Product | Version | Raw CPE |
|---|---|---|---|
| watchguard | ap200_firmware | < 1.2.9.15 | cpe:2.3:o:watchguard:ap200_firmware:*:*:*:*:*:*:*:* |
| watchguard | ap102_firmware | < 1.2.9.15 | cpe:2.3:o:watchguard:ap102_firmware:*:*:*:*:*:*:*:* |
| watchguard | ap100_firmware | < 1.2.9.15 | cpe:2.3:o:watchguard:ap100_firmware:*:*:*:*:*:*:*:* |
| URL | Tags |
|---|---|
| http://seclists.org/fulldisclosure/2018/May/12 | Mailing List Third Party Advisory |
| https://watchguardsupport.secure.force.com/publicKB?type=KBSecurityIssues&SFDCID=kA62A0000000LIy | Vendor Advisory |
| https://www.exploit-db.com/exploits/45409/ | |
| https://www.watchguard.com/wgrd-blog/new-firmware-available-ap100ap102ap200ap300-security-vulnerability-fixes | Vendor Advisory |