| Max CVSS | 9.0 | Min CVSS | 3.5 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2017-5261 | 4.0 |
In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, the 'ping' and 'traceroute' functions of the web administrative console expose a file path traversal vulnerability, accessible to all authenticated users.
|
09-10-2019 - 23:28 | 20-12-2017 - 22:29 | |
| CVE-2017-5255 | 9.0 |
In version 3.5 and prior of Cambium Networks ePMP firmware, a lack of input sanitation for certain parameters on the web management console allows any authenticated user (including the otherwise low-privilege readonly user) to inject shell meta-chara
|
09-10-2019 - 23:28 | 20-12-2017 - 22:29 | |
| CVE-2017-5256 | 3.5 |
In version 3.5 and prior of Cambium Networks ePMP firmware, all authenticated users have the ability to update the Device Name and System Description fields in the web administration console, and those fields are vulnerable to persistent cross-site s
|
09-10-2019 - 23:28 | 20-12-2017 - 22:29 | |
| CVE-2017-5263 | 5.4 |
Versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware lack CSRF controls that can mitigate the effects of CSRF attacks, which are most typically implemented as randomized per-session tokens associated with any web application function, esp
|
09-10-2019 - 23:28 | 20-12-2017 - 22:29 | |
| CVE-2017-5259 | 9.0 |
In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, an undocumented, root-privilege administration web shell is available using the HTTP path https://<device-ip-or-hostname>/adm/syscmd.asp.
|
09-10-2019 - 23:28 | 20-12-2017 - 22:29 | |
| CVE-2017-5262 | 7.7 |
In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, the SNMP read-only (RO) community string has access to sensitive information by OID reference.
|
09-10-2019 - 23:28 | 20-12-2017 - 22:29 | |
| CVE-2017-5254 | 9.0 |
In version 3.5 and prior of Cambium Networks ePMP firmware, the non-administrative users 'installer' and 'home' have the capability of changing passwords for other accounts, including admin, after disabling a client-side protection mechanism.
|
09-10-2019 - 23:28 | 20-12-2017 - 22:29 | |
| CVE-2017-5258 | 3.5 |
In version 3.5 and prior of Cambium Networks ePMP firmware, an attacker who knows or can guess the RW community string can provide a URL for a configuration file over SNMP with XSS strings in certain SNMP OIDs, serve it via HTTP, and the affected dev
|
09-10-2019 - 23:28 | 20-12-2017 - 22:29 | |
| CVE-2017-5257 | 3.5 |
In version 3.5 and prior of Cambium Networks ePMP firmware, an attacker who knows (or guesses) the SNMP read/write (RW) community string can insert XSS strings in certain SNMP OIDs which will execute in the context of the currently-logged on user.
|
09-10-2019 - 23:28 | 20-12-2017 - 22:29 | |
| CVE-2017-5260 | 9.0 |
In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, although the option to access the configuration file is not available in the normal web administrative console for the 'user' account, the configuration file is accessible via direc
|
09-10-2019 - 23:28 | 20-12-2017 - 22:29 |