Description
An Out-of-bounds Write vulnerability in WatchGuard Fireware OS may allow an authenticated privileged administrator to execute arbitrary code with root permissions via an exposed management interface.

This vulnerability affects Fireware OS 11.9 up to and including 11.12.4_Update1, 12.0 up to and including 12.11.7 and 2025.1 up to and including 2026.1.1.
Published: 2026-03-03
Score: 8.6 High
EPSS: < 1% Very Low
KEV: No
Impact: Privilege Escalation to Root via Out‑of‑Bounds Write on the WatchGuard Fireware OS management interface
Action: Patch Now
AI Analysis

Impact

An out‑of‑bounds write flaw in WatchGuard Fireware OS allows an authenticated privileged administrator to execute arbitrary code with root privileges. The vulnerability occurs on the exposed management interface and is a classic memory corruption error consistent with CWE‑787. The flaw permits complete control over the device by the attacker once it is exploited.

Affected Systems

The affected products are WatchGuard Fireware OS versions 11.9, 11.10, 11.12, 11.12.4_Update1, 12.0 through 12.11.7, and 2025.1 through 2026.1.1. All Firebox hardware models running these OS releases are impacted when the management interface is reachable.

Risk and Exploitability

The CVSS v3 score of 8.6 reflects a high severity, while an EPSS score of less than 1% indicates that exploitation is currently unlikely but possible. The vulnerability is not listed in CISA’s KEV catalog. Attacker intent requires valid privileged credentials, after which arbitrary code runs with root privileges. The likely attack vector is the exposed management interface, inferred from the description of the interface’s role in the flaw.

Generated by OpenCVE AI on April 18, 2026 at 17:30 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the Fireware OS firmware to the latest version that contains the fix for the out‑of‑bounds write flaw.
  • Restrict access to the management interface to trusted internal networks or VPN tunnels so that only authorized administrators can reach it.
  • Enforce multi‑factor authentication for privileged administrator accounts and routinely audit administrative activity logs for suspicious actions.

Generated by OpenCVE AI on April 18, 2026 at 17:30 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 04 Mar 2026 19:45:00 +0000

Type Values Removed Values Added
First Time appeared Watchguard firebox M270
Watchguard firebox M290
Watchguard firebox M295
Watchguard firebox M370
Watchguard firebox M390
Watchguard firebox M395
Watchguard firebox M440
Watchguard firebox M4600
Watchguard firebox M470
Watchguard firebox M4800
Watchguard firebox M495
Watchguard firebox M5600
Watchguard firebox M570
Watchguard firebox M5800
Watchguard firebox M590
Watchguard firebox M595
Watchguard firebox M670
Watchguard firebox M690
Watchguard firebox M695
Watchguard firebox Nv5
Watchguard firebox T115-w
Watchguard firebox T125
Watchguard firebox T125-w
Watchguard firebox T145
Watchguard firebox T145-w
Watchguard firebox T15
Watchguard firebox T185
Watchguard firebox T20
Watchguard firebox T25
Watchguard firebox T35
Watchguard firebox T40
Watchguard firebox T45
Watchguard firebox T55
Watchguard firebox T70
Watchguard firebox T80
Watchguard firebox T85
Watchguard fireboxcloud
Watchguard fireboxv
Watchguard fireware
CPEs cpe:2.3:h:watchguard:firebox_m270:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_m290:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_m295:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_m370:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_m390:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_m395:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_m440:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_m4600:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_m470:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_m4800:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_m495:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_m5600:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_m570:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_m5800:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_m590:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_m595:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_m670:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_m690:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_m695:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_nv5:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_t115-w:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_t125-w:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_t125:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_t145-w:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_t145:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_t15:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_t185:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_t20:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_t25:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_t35:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_t40:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_t45:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_t55:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_t70:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_t80:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_t85:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:fireboxcloud:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:fireboxv:-:*:*:*:*:*:*:*
cpe:2.3:o:watchguard:fireware:*:*:*:*:*:*:*:*
Vendors & Products Watchguard firebox M270
Watchguard firebox M290
Watchguard firebox M295
Watchguard firebox M370
Watchguard firebox M390
Watchguard firebox M395
Watchguard firebox M440
Watchguard firebox M4600
Watchguard firebox M470
Watchguard firebox M4800
Watchguard firebox M495
Watchguard firebox M5600
Watchguard firebox M570
Watchguard firebox M5800
Watchguard firebox M590
Watchguard firebox M595
Watchguard firebox M670
Watchguard firebox M690
Watchguard firebox M695
Watchguard firebox Nv5
Watchguard firebox T115-w
Watchguard firebox T125
Watchguard firebox T125-w
Watchguard firebox T145
Watchguard firebox T145-w
Watchguard firebox T15
Watchguard firebox T185
Watchguard firebox T20
Watchguard firebox T25
Watchguard firebox T35
Watchguard firebox T40
Watchguard firebox T45
Watchguard firebox T55
Watchguard firebox T70
Watchguard firebox T80
Watchguard firebox T85
Watchguard fireboxcloud
Watchguard fireboxv
Watchguard fireware
Metrics cvssV3_1

{'score': 7.2, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H'}

Wed, 04 Mar 2026 16:30:00 +0000

Type Values Removed Values Added
References

Wed, 04 Mar 2026 15:45:00 +0000

Type Values Removed Values Added
References

Tue, 03 Mar 2026 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 03 Mar 2026 13:45:00 +0000

Type Values Removed Values Added
Description An Out-of-bounds Write vulnerability in WatchGuard Fireware OS may allow an authenticated privileged administrator to execute arbitrary code with root permissions via an exposed management interface. This vulnerability affects Fireware OS 11.9 up to and including 11.12.4_Update1, 12.0 up to and including 12.11.7 and 2025.1 up to and including 2026.1.1.
Title WatchGuard Firebox Out of Bounds Write Vulnerability
First Time appeared Watchguard
Watchguard fireware Os
Weaknesses CWE-787
CPEs cpe:2.3:a:watchguard:fireware_os:*:*:*:*:*:*:*:11.9
cpe:2.3:a:watchguard:fireware_os:*:*:*:*:*:*:*:12.0
cpe:2.3:a:watchguard:fireware_os:*:*:*:*:*:*:*:12.5
cpe:2.3:a:watchguard:fireware_os:*:*:*:*:*:*:*:2025.1
Vendors & Products Watchguard
Watchguard fireware Os
References
Metrics cvssV4_0

{'score': 8.6, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Watchguard Firebox M270 Firebox M290 Firebox M295 Firebox M370 Firebox M390 Firebox M395 Firebox M440 Firebox M4600 Firebox M470 Firebox M4800 Firebox M495 Firebox M5600 Firebox M570 Firebox M5800 Firebox M590 Firebox M595 Firebox M670 Firebox M690 Firebox M695 Firebox Nv5 Firebox T115-w Firebox T125 Firebox T125-w Firebox T145 Firebox T145-w Firebox T15 Firebox T185 Firebox T20 Firebox T25 Firebox T35 Firebox T40 Firebox T45 Firebox T55 Firebox T70 Firebox T80 Firebox T85 Fireboxcloud Fireboxv Fireware Fireware Os
cve-icon MITRE

Status: PUBLISHED

Assigner: WatchGuard

Published:

Updated: 2026-03-04T15:22:14.651Z

Reserved: 2026-02-27T15:34:47.745Z

Link: CVE-2026-3342

cve-icon Vulnrichment

Updated: 2026-03-03T13:52:12.128Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-03T14:15:56.643

Modified: 2026-03-04T19:42:25.293

Link: CVE-2026-3342

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-18T17:45:06Z

Weaknesses