WatchGuard XTM Firebox Unauthenticated Remote Command Execution

Posted on 29 March 2024

This Metasploit module exploits a buffer overflow at the administration interface (8080 or 4117) of WatchGuard Firebox and XTM appliances which is built from a cherrypy python backend sending XML-RPC requests to a C binary called wgagent using pre-authentication endpoint /agent/login. This vulnerability impacts Fireware OS before 12.7.2_U2, 12.x before 12.1.3_U8, and 12.2.x through 12.5.x before 12.5.9_U2. Successful exploitation results in remote code execution as user nobody.

TOP

Malware :

RATDispenser
whispergate
Borat RAT
Trojanized X_Trader
BlackLotus

Last 20

Exploits :

Esteghlal F.C. Cross Site Scripting
Panel.SmokeLoader MVID-2024-0681 Cross Site Scripting
Panel.SmokeLoader MVID-2024-0682 Cross Site Request Forgery / Cross Site Scripting
Kemp LoadMaster Local sudo Privilege Escalation
Drupal-Wiki 8.31 / 8.30 Cross Site Scripting

Last 20