PSIRT Advisories

FortiWLC - Hardcoded root password


A use of hard-coded password vulnerability in FortiWLC may allow a local, authenticated attacker to connect to the managed Access Point (Meru AP and FortiAP-U) as root using the default hard-coded username and password.

Affected Products

FortiWLC versions 8.5.2 and below.


Please upgrade to FortiWLC versions 8.6.0 or above.
Please upgrade to FortiWLC versions 8.5.3 or above.


Internally reported by Fortinet PSIRT.