Share
## https://sploitus.com/exploit?id=PACKETSTORM:211136
CVE-2025-59396 โ€“ WatchGuard Firebox Default Configuration Allows Unauthorized SSH Access via Port 4118
    Description
    The default configuration of WatchGuard Firebox devices through 2025-09-10 allows administrative access via SSH on port 4118 using the default credentials (admin:readwrite). This configuration exposes the device to remote attackers who can gain full administrative access without prior authentication.
    Impact
    An unauthenticated attacker can:
    
    Retrieve sensitive information such as ARP tables, network configurations, user accounts, feature keys, and device location data.
    Modify or disable firewall rules and security policies.
    Perform lateral movement within the internal network.
    Exfiltrate data or disrupt services.
    
    This results in a complete compromise of the Firebox appliance and the network it protects.
    Vulnerability Type
    
    Misconfiguration / Insecure Defaults
    Authentication Bypass via Default Credentials
    
    Attack Vector
    Remote access via SSH on port 4118 using:
    
    Username: admin
    Password: readwrite
    
    Tools like PuTTY or any SSH client can be used to exploit this vulnerability.
    Affected Product
    
    Vendor: WatchGuard
    Product: Firebox series (specific models and firmware versions TBD)
    Component: SSH Service (Port 4118)
    Status: Exposed by default
    
    Discoverers
    
    Chanakya Neelarapu
    Mark Gibson
    
    CVE ID
    
    CVE-2025-59396
    
    Impacts
    
    โœ… Remote Code Execution
    โœ… Privilege Escalation
    โœ… Information Disclosure
    โœ… Network Exposure and Lateral Movement
    
    Reference
    
    https://www.watchguard.com/wgrd-products/firewalls