Watchguard Firebox_m4600
19 CVEs affecting Watchguard Firebox_m4600. Latest disclosed: 2026-03-03. Critical: 2, High: 7.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2025-14733 | Critical | 9.8 | 2025-12-19 | An Out-of-bounds Write vulnerability in WatchGuard Fireware OS may allow a remote unauthenticated attacker to execute arbitrary code. This vulnerability affect… |
CVE-2025-9242 | Critical | 9.8 | 2025-09-17 | An Out-of-bounds Write vulnerability in WatchGuard Fireware OS may allow a remote unauthenticated attacker to execute arbitrary code. This vulnerability affect… |
CVE-2025-1545 | High | 7.5 | 2025-12-04 | An XPath Injection vulnerability in WatchGuard Fireware OS may allow a remote unauthenticated attacker to retrieve sensitive information from the Firebox confi… |
CVE-2025-11838 | High | 7.5 | 2025-12-04 | A memory corruption vulnerability in WatchGuard Fireware OS may allow an unauthenticated attacker to trigger a Denial of Service (DoS) condition in the Mobile… |
CVE-2026-3342 | High | 7.2 | 2026-03-03 | An Out-of-bounds Write vulnerability in WatchGuard Fireware OS may allow an authenticated privileged administrator to execute arbitrary code with root permissi… |
CVE-2025-1547 | High | 7.2 | 2025-12-04 | A stack-based buffer overflow vulnerability [CWE-121] in WatchGuard Fireware OS's certificate request command could allow an authenticated privileged user to e… |
CVE-2025-12196 | High | 7.2 | 2025-12-04 | An Out-of-bounds Write vulnerability in WatchGuard Fireware OS's CLI could allow an authenticated privileged user to execute arbitrary code via a specially cra… |
CVE-2025-12195 | High | 7.2 | 2025-12-04 | An Out-of-bounds Write vulnerability in WatchGuard Fireware OS's CLI could allow an authenticated privileged user to execute arbitrary code via specially craft… |
CVE-2025-12026 | High | 7.2 | 2025-12-04 | An Out-of-bounds Write vulnerability in WatchGuard Fireware OS’s certificate request command could allow an authenticated privileged user to execute arbitrary… |
CVE-2026-3343 | Medium | 6.1 | 2026-03-03 | A reflected cross-site scripting (XSS) vulnerability in the Fireware OS Web UI enabled execution of malicious JavaScript in the context of an authenticated man… |
CVE-2025-13939 | Medium | 6.1 | 2025-12-04 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS (Gateway Wireless Controlle… |
CVE-2025-13938 | Medium | 6.1 | 2025-12-04 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS (Autotask Technology Integr… |
CVE-2025-13937 | Medium | 6.1 | 2025-12-04 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS (ConnectWise Technology Int… |
CVE-2025-13936 | Medium | 6.1 | 2025-12-04 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS (Tigerpaw Technology Integr… |
CVE-2025-0178 | Medium | 6.1 | 2025-02-14 | Improper Input Validation vulnerability in WatchGuard Fireware OS allows an attacker to manipulate the value of the HTTP Host header in requests sent to the We… |
CVE-2025-13940 | Medium | 5.5 | 2025-12-04 | An Expected Behavior Violation [CWE-440] vulnerability in WatchGuard Fireware OS may allow an attacker to bypass the Fireware OS boot time system integrity che… |
CVE-2026-3344 | Medium | 4.9 | 2026-03-03 | A vulnerability in WatchGuard Fireware OS may allow an attacker to bypass the Fireware OS filesystem integrity check and maintain limited persistence via a mal… |
CVE-2025-6946 | Medium | 4.8 | 2025-12-04 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS allows Stored XSS via the I… |
CVE-2025-1071 | Medium | 4.8 | 2025-02-14 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS allows Stored XSS via the s… |