Reported December 13, 2000 by WatchGuard
1. A malicious attacker can access sensitive configuration remotely.
2. An attacker can use a remotely exploitable buffer overflow and apply excessively long HTTG GET requests to launch arbitrary code.
3. An attacker can cause a Denial of Service (DoS) attack by sending fragmented packets.
4. A malicious attacker can use the POST command to reset the SOHO Firewall Password without authentication.
WatchGuard has issued a revised version 2.2.1 that is not vulnerable to these attacks. Customers should contact WatchGuard for an upgrade. http://www.watchguard.com