A vulnerability in WatchGuard Fireware OS may allow an attacker to bypass the Fireware OS filesystem integrity check and maintain limited persistence via a maliciously-crafted firmware update package.

Description

A vulnerability in WatchGuard Fireware OS may allow an attacker to bypass the Fireware OS filesystem integrity check and maintain limited persistence via a maliciously-crafted firmware update package.This issue affects Fireware OS 12.0 up to and including 12.11.7, 12.5.9 up to and including 12.5.16, and 2025.1 up to and including 2026.1.1.

Affected Products

Vendor	Product	Versions
watchguard	fireware	< 12.11.8, < 12.5.17, < 2026.1.2

References

https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2026-00005(Vendor Advisory)

CVSS 3.14.9 MEDIUM

VectorCVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

CISA KEV❌ No

Actively exploited❌ No

Patch available

12.11.812.5.172026.1.2

CWECWE-440

PublishedMar 3, 2026

Last enriched5d ago

Trending Score0

Source articles0

Independent0

Info Completeness9/14

Missing: epss, kev, exploit, iocs, mitre_attack

A vulnerability in WatchGuard Fireware OS may allow an attacker to bypass the Fireware OS filesystem integrity check and maintain limited persistence via a maliciously-crafted firmware update package.

Description

Affected Products

References

Community Vote

Related CVEs (3)

Pin to Dashboard

Verification

Vulnerability Timeline