GCVE - cpe:2.3:h:watchguard:firebox_m5600:-:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:h:watchguard:firebox_m5600:-:*:*:*:*:*:*:*

part: h version: - update: *

Vendor	Watchguard (`ec468727-86da-5bb0-9483-b62749e25478`)
Product	Firebox M5600 (`aa0dc0bd-786c-5464-9e43-804f0b6d62d9`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2026-3344`	not_vulnerable	2026-06-03 15:23:32.236244	WatchGuard Firebox System Integrity Check Bypass A vulnerability in WatchGuard Fireware OS may allow an attacker to bypass the Fireware OS filesystem integrity check and maintain limited persistence via a maliciously-crafted firmware update package.This issue affects Fireware OS 12.0 up to and including 12.11.7, 12.5.9 up to and including 12.5.16, and 2025.1 up to and including 2026.1.1. Published: 2026-03-03T13:17:56.622Z Updated: 2026-03-04T15:22:41.878Z Open on db.gcve.eu Reference links https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2026-00005	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2026-3343`	not_vulnerable	2026-06-03 15:23:32.223263	WatchGuard Firebox Reflected Cross-Site-Scripting (XSS) Vulnerability in Fireware Web UI A reflected cross-site scripting (XSS) vulnerability in the Fireware OS Web UI enabled execution of malicious JavaScript in the context of an authenticated management user's browser when they click on a specially crafted link. This vulnerability affects Fireware OS 12.7 up to and including 12.11.7 and 2025.1 up to and including 2026.1.1. Published: 2026-03-03T13:17:48.810Z Updated: 2026-03-04T15:22:22.283Z Open on db.gcve.eu Reference links https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2026-00004	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2026-3342`	not_vulnerable	2026-06-03 15:23:32.205178	WatchGuard Firebox Out of Bounds Write Vulnerability An Out-of-bounds Write vulnerability in WatchGuard Fireware OS may allow an authenticated privileged administrator to execute arbitrary code with root permissions via an exposed management interface. This vulnerability affects Fireware OS 11.9 up to and including 11.12.4_Update1, 12.0 up to and including 12.11.7 and 2025.1 up to and including 2026.1.1. Published: 2026-03-03T13:17:39.376Z Updated: 2026-03-04T15:22:14.651Z Open on db.gcve.eu Reference links https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2026-00003	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-6946`	not_vulnerable	2026-06-03 15:12:29.379574	WatchGuard Firebox Stored Cross-Site-Scripting (XSS) Vulnerability in IPS Configuration Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS allows Stored XSS via the IPS module. This vulnerability requires an authenticated administrator session to a locally managed Firebox. This issue affects Firebox: from 12.0 through 12.11.2. Published: 2025-12-04T21:48:50.477Z Updated: 2025-12-05T15:43:06.306Z Open on db.gcve.eu Reference links https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2025-00011	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-1547`	not_vulnerable	2026-06-03 14:59:05.771338	WatchGuard Firebox Authenticated Stack Overflow in Certificate Request Command A stack-based buffer overflow vulnerability [CWE-121] in WatchGuard Fireware OS's certificate request command could allow an authenticated privileged user to execute arbitrary code via specially crafted CLI commands.This issue affects Fireware OS: from 12.0 through 12.5.12+701324, from 12.6 through 12.11.2. Published: 2025-12-04T22:11:09.164Z Updated: 2026-02-26T16:57:31.557Z Open on db.gcve.eu Reference links https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2025-00013	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-1545`	not_vulnerable	2026-06-03 14:59:05.753820	WatchGuard Firebox XPath Injection Vulnerability in Web CGI An XPath Injection vulnerability in WatchGuard Fireware OS may allow a remote unauthenticated attacker to retrieve sensitive information from the Firebox configuration through an exposed authentication or management web interface. This vulnerability only affects Firebox systems that have at least one authentication hotspot configured.This issue affects Fireware OS 11.11 up to and including 11.12.4+541730, 12.0 up to and including 12.11.4, 12.5 up to and including 12.5.13, and 2025.1 up to and including 2025.1.2. Published: 2025-12-04T21:48:27.311Z Updated: 2025-12-05T15:44:01.830Z Open on db.gcve.eu Reference links https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2025-00025	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-13940`	not_vulnerable	2026-06-03 14:58:54.065444	WatchGuard Firebox Boot Time System Integrity Check Bypass An Expected Behavior Violation [CWE-440] vulnerability in WatchGuard Fireware OS may allow an attacker to bypass the Fireware OS boot time system integrity check and prevent the Firebox from shutting down in the event of a system integrity check failure. The on-demand system integrity check in the Fireware Web UI will correctly show a failed system integrity check message in the event of a failure.This issue affects Fireware OS: from 12.8.1 through 12.11.4, from 2025.1 through 2025.1.2. Published: 2025-12-04T21:47:44.483Z Updated: 2025-12-05T15:45:09.514Z Open on db.gcve.eu Reference links https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2025-00026	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-13939`	not_vulnerable	2026-06-03 14:58:54.059007	WatchGuard Firebox Stored Cross-Site-Scripting (XSS) Vulnerability in Gateway Wireless Controller Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS (Gateway Wireless Controller module) allows Stored XSS.This issue affects Fireware OS 11.7.2 up to and including 11.12.4+541730, 12.0 up to and including 12.11.4, 12.5 up to and including 12.5.13, and 2025.1 up to and including 2025.1.2. Published: 2025-12-04T21:47:37.793Z Updated: 2025-12-05T15:45:32.780Z Open on db.gcve.eu Reference links https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2025-00024	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-13938`	not_vulnerable	2026-06-03 14:58:54.047486	WatchGuard Firebox Stored Cross-Site-Scripting (XSS) Vulnerability in Autotask Technology Integration Configuration Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS (Autotask Technology Integration module) allows Stored XSS.This issue affects Fireware OS 12.4 up to and including 12.11.4, 12.5 up to and including 12.5.13, and 2025.1 up to and including 2025.1.2. Published: 2025-12-04T21:47:29.650Z Updated: 2025-12-05T15:45:58.220Z Open on db.gcve.eu Reference links https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2025-00023	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-13937`	not_vulnerable	2026-06-03 14:58:54.044898	WatchGuard Firebox Stored Cross-Site-Scripting (XSS) Vulnerability in ConnectWise Technology Integration Configuration Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS (ConnectWise Technology Integration module) allows Stored XSS.This issue affects Fireware OS 12.4 up to and including 12.11.4, 12.5 up to and including 12.5.13, and 2025.1 up to and including 2025.1.2. Published: 2025-12-04T21:47:19.995Z Updated: 2025-12-05T16:19:15.961Z Open on db.gcve.eu Reference links https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2025-00022	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-13936`	not_vulnerable	2026-06-03 14:58:54.032963	WatchGuard Firebox Stored Cross-Site-Scripting (XSS) Vulnerability in Tigerpaw Technology Integration Configuration Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS (Tigerpaw Technology Integration module) allows Stored XSS.This issue affects Fireware OS 12.4 up to and including 12.11.4, 12.5 up to and including 12.5.13, and 2025.1 up to and including 2025.1.2. Published: 2025-12-04T21:45:51.774Z Updated: 2025-12-05T16:19:53.325Z Open on db.gcve.eu Reference links https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2025-00021	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-12196`	not_vulnerable	2026-06-03 14:58:43.959903	WatchGuard Firebox Authenticated Out of Bounds Write in Management CLI Ping Command An Out-of-bounds Write vulnerability in WatchGuard Fireware OS's CLI could allow an authenticated privileged user to execute arbitrary code via a specially crafted CLI command.This vulnerability affects Fireware OS 12.0 up to and including 12.11.4, 12.5 up to and including 12.5.13, and 2025.1 up to and including 2025.1.2. Published: 2025-12-04T21:45:29.261Z Updated: 2026-02-26T16:57:32.550Z Open on db.gcve.eu Reference links https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2025-00020	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-12195`	not_vulnerable	2026-06-03 14:58:43.957181	WatchGuard Firebox Authenticated Out of Bounds Write in Management CLI IPSec Configuration An Out-of-bounds Write vulnerability in WatchGuard Fireware OS's CLI could allow an authenticated privileged user to execute arbitrary code via specially crafted IPSec configuration CLI commands.This vulnerability affects Fireware OS 11.0 up to and including 11.12.4+541730, 12.0 up to and including 12.11.4, 12.5 up to and including 12.5.13, and 2025.1 up to and including 2025.1.2. Published: 2025-12-04T21:43:57.162Z Updated: 2026-02-26T16:57:32.996Z Open on db.gcve.eu Reference links https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2025-00019	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-12026`	not_vulnerable	2026-06-03 14:58:43.664630	WatchGuard Firebox Authenticated Out of Bounds Write in certd An Out-of-bounds Write vulnerability in WatchGuard Fireware OS’s certificate request command could allow an authenticated privileged user to execute arbitrary code via specially crafted CLI commands.This vulnerability affects Fireware OS 12.0 up to and including 12.11.4, 12.5 up to and including 12.5.13, and 2025.1 up to and including 2025.1.2. Published: 2025-12-04T21:43:46.266Z Updated: 2026-02-26T16:57:33.562Z Open on db.gcve.eu Reference links https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2025-00017	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-11838`	not_vulnerable	2026-06-03 14:58:43.179538	WatchGuard Firebox iked Memory Corruption Vulnerability A memory corruption vulnerability in WatchGuard Fireware OS may allow an unauthenticated attacker to trigger a Denial of Service (DoS) condition in the Mobile User VPN with IKEv2 and the Branch Office VPN using IKEv2 when configured with a dynamic gateway peer. This vulnerability affects Fireware OS 12.6.1 up to and including 12.11.4 and 2025.1 up to and including 2025.1.2. Published: 2025-12-04T21:48:10.961Z Updated: 2025-12-15T23:18:30.406Z Open on db.gcve.eu Reference links https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2025-00018	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.