PSIRT Advisories

FortiAP Bleeding Bit Vulnerability


Some FortiAP models are vulnerable to the Bleeding Bit Vulnerability (CVE-2018-16986) present in the Texas Instruments WiFi chips.


Texas Instruments BLE-STACK v2.2.1 for SimpleLink CC2640 and CC2650 devices allows remote attackers to execute arbitrary code via a malformed packet that triggers a buffer overflow.

Affected Products

Only the following FortiAP models are impacted:

FortiAP-S: FAP_S221E and FAP_S223E

FortiAP-W2: FAP_221E (Gen2), FAP_222E and FAP_223E (Gen2)

Other FortiAP models (including FAP-U/FAP-W2/FAP-S series) are not impacted.

MeruAP models are not impacted


Upgrade the impacted FortiAP-S/W2 models to 5.6.4 or 6.0.4


When the affected FortiAP-S/W2 models are managed by a FortiGate, enter the following CLI commands to disable the BLE scanning feature:

config wireless-controller ble-profile
edit [profile-name]
set ble-scanning disable (*disable is the default value)

Revision History

2019-04-10 Initial Version
2019-04-15 Corrected the FortiAP-W2 affected models.