CVE-2021-22126
CVSS Score
6.5
EPSS Score
0.0%
EPSS Percentile
0th
A use of hard-coded password vulnerability in FortiWLC version 8.5.2 and below, version 8.4.8 and below, version 8.3.3 to 8.3.2, version 8.2.7 to 8.2.6 may allow a local, authenticated attacker to connect to the managed Access Point (Meru AP and FortiAP-U) as root using the default hard-coded username and password.
| CWE | CWE-284 |
| Vendor | fortinet |
| Product | fortiwlc |
| Ecosystems | |
| Industries | NetworkingSecurity |
| Published | Mar 17, 2025 |
| Last Updated | Feb 26, 2026 |
Stay Ahead of the Next One
Get instant alerts for fortinet fortiwlc
Be the first to know when new medium vulnerabilities affecting fortinet fortiwlc are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:F/RL:X/RC:X Attack Vector
Local
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Affected Versions
Fortinet / FortiWLC
8.5.0 โค 8.5.2 8.4.4 โค 8.4.8 8.4.0 โค 8.4.2 8.3.2 โค 8.3.3 8.2.6 โค 8.2.7