FortiAP system command injection through ifconfig command
Summary
A system command injection vulnerability in the FortiAP CLI admin console may allow unauthorized administrators to run arbitrary system level commands via specially crafted ifconfig commands.
Affected Products
FortiAP-S/W2 6.2.1, 6.2.0, 6.0.5 and below FortiAP 6.0.5 and below FortiAP-U all versions below 6.0.0
Solutions
Upgrade to FortiAP-S/W2 6.0.6 or 6.2.2 Upgrade to FortiAP 6.0.6 Upgrade to FortiAP-U 6.0.0