Unrestricted execution of OS commands as root


An improper sanitization of commands elements (OS Command Injection) vulnerability [CWE-78] in Meru AP may allow an authenticated attacker to execute unauthorized code or commands via specifically crafted commands in Meru AP's CLI.

Affected Products

Meru AP version 8.6.1 and below

Meru AP version 8.5.5 and below


Upgrade to Meru AP version 8.6.2 or above


Fortinet is pleased to thank the customer who reported this vulnerability under responsible disclosure.