PSIRT Advisories

FortiWLC - Multiple Buffer Overflow vulnerabilities


Multiple stack-based buffer overflow vulnerabilities (CWE-121) in the command line interface of FortiWLC may allow a local, authenticated attacker to crash the access point being managed by the controller, and potentially execute unauthorized code, via a specially crafted CLI command.

Affected Products

FortiWLC versions 8.6.0 and below.
FortiWLC versions 8.5.3 and below.


Please upgrade to FortiWLC version 8.6.1 or above.
Please upgrade to FortiWLC version 8.5.4 or above. 


Internally discovered and reported by Nesrine Kortas from Fortinet PSIRT.