FortiWLC included two hardcoded accounts which were used by Meru Access Points to report core dumps; these accounts had read/write privileges over various parts of the system. Starting with FortiWLC 7.0.13 and FortiWLC 8.4.0, the accounts are now completely removed and do not persist over firmware upgrade.
* FortiWLC 7.0.11 and lower in the 7.x branch
* FortiWLC 8.3.3 and lower in the 8.x branch
* FortiWLC 7.x installations must be upgraded to FortiWLC 7.0.13 or higher * FortiWLC 8.x installations must be upgraded to FortiWLC 8.4.0 or higher