PSIRT Advisories

Meru AP - Unrestricted execution of OS commands as root

Summary

An improper sanitization of commands elements (OS Command Injection) vulnerability [CWE-78] in Meru AP may allow an authenticated attacker to execute unauthorized code or commands via specifically crafted commands in Meru AP's CLI.

Affected Products

Meru AP version 8.6.1 and below

Meru AP version 8.5.5 and below

Solutions

Upgrade to Meru AP version 8.6.2 or above

Acknowledgement

Fortinet is pleased to thank the customer who reported this vulnerability under responsible disclosure.