Hardcoded root password in Meru AP

Hardcoded root password in Meru AP

Summary

A use of hard-coded password vulnerability in Meru AP may allow a remote authenticated attacker to access the system as root using the default hard-coded username and password.

Impact

Execute unauthorized code or commands

Affected Products

Meru AP versions 8.5.2 and below.

Solutions

Please upgrade to Meru AP versions 8.6.0 or above. Please upgrade to Meru AP versions 8.5.3 or above.

Acknowledgement

Internally reported by Fortinet PSIRT.