Through a combination of security weaknesses in the AP100, AP102, and AP200 firmware versions 220.127.116.11 and earlier, an attacker with network access could gain remote access to the AP device. A successful attack requires chaining several vulnerabilities, including:
These vulnerabilities affect the following WatchGuard wireless AP products:
These vulnerabilities are resolved in AP firmware v18.104.22.168 for all three models.
The AP300 is not vulnerable to the same combination of weaknesses, but is also updated to harden it against similar potential exploits. AP firmware v22.214.171.124 includes these updates.Other AP models are not affected by these vulnerabilities.
In addition addressing these vulnerabilities, AP firmware v126.96.36.199 and v188.8.131.52 disables the AP web UI. This local web UI is no longer supported because these AP models can only be managed by Firebox Gateway Wireless Controller.