Security for everyone

CVE-2016-3978 Scanner

Detects 'Open Redirect' vulnerability in FortiOS affects v. 5.0.x before 5.0.13, 5.2.x before 5.2.3, and 5.4.x before 5.4.0.


Short Info



Single Scan

Single Scan

Can be used by

Asset Owner

Estimated Time

10 sec

Scan only one




FortiOS is a web-based operating system used by Fortinet, a network security company, to manage and secure network devices. FortiOS provides a plethora of features, such as firewalls, VPNs, intrusion detection and prevention, and web filtering, among others. These features enable businesses to manage and monitor their networks with ease and peace of mind.

One critical vulnerability detected in FortiOS is CVE-2016-3978. This vulnerability resides in the Web User Interface (WebUI) of FortiOS. Cybercriminals exploit the weakness of this vulnerability to redirect users to illegitimate websites that may contain malware and conduct phishing attacks or cross-site scripting (XSS) attacks. This vulnerability affects FortiOS versions 5.0.x before 5.0.13, 5.2.x before 5.2.3, and 5.4.x before 5.4.0, making millions of devices vulnerable.

Once exploited, the vulnerability can lead to a range of consequences, such as the loss of sensitive data, financial fraud, identity theft, and damage to the reputation of the affected business. The attackers can steal login credentials, intellectual property, and other confidential information, which can cause significant financial losses to the victim organization. Moreover, the attackers can enable remote access to devices, and use them for further attacks, resulting in data breaches, ransomware attacks, and more.

Thanks to the pro features of platform, users can easily and quickly learn about vulnerabilities in their digital assets. By subscribing to the platform, users can receive alerts on critical vulnerabilities that affect their assets, along with mitigation measures. Additionally, users can perform vulnerability scanning and penetration testing on their networks to identify potential weaknesses and address them before attackers can exploit them.



cyber security services for everyone one. Free security tools, continuous vulnerability scanning and many more.
Try it yourself,
control security posture