FortiWLC - Hardcoded root password

Summary

A use of hard-coded password vulnerability in FortiWLC may allow a local, authenticated attacker to connect to the managed Access Point (Meru AP and FortiAP-U) as root using the default hard-coded username and password.

Affected Products

FortiWLC versions 8.5.2 and below.

Solutions

Please upgrade to FortiWLC version 8.6.0 or above, or to FortiWLC version 8.5.3 or above.

Acknowledgement

Internally reported by Fortinet PSIRT.