Vulnerability Description
In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, although the option to access the configuration file is not available in the normal web administrative console for the 'user' account, the configuration file is accessible via direct object reference (DRO) at http://<device-ip-or-hostname>/goform/down_cfg_file by this otherwise low privilege 'user' account.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cambiumnetworks | Cnpilot R190V Firmware | <= 4.3.2-r4 |
| Cambiumnetworks | Cnpilot R190V | - |
| Cambiumnetworks | Cnpilot E410 Firmware | <= 4.3.2-r4 |
| Cambiumnetworks | Cnpilot E410 | - |
| Cambiumnetworks | Cnpilot R190N Firmware | <= 4.3.2-r4 |
| Cambiumnetworks | Cnpilot R190N | - |
| Cambiumnetworks | Cnpilot E400 Firmware | <= 4.3.2-r4 |
| Cambiumnetworks | Cnpilot E400 | - |
| Cambiumnetworks | Cnpilot E600 Firmware | <= 4.3.2-r4 |
| Cambiumnetworks | Cnpilot E600 | - |
Related Weaknesses (CWE)
References
- https://blog.rapid7.com/2017/12/19/r7-2017-25-cambium-epmp-and-cnpilot-multiple-Third Party Advisory
- https://blog.rapid7.com/2017/12/19/r7-2017-25-cambium-epmp-and-cnpilot-multiple-Third Party Advisory
FAQ
What is CVE-2017-5260?
CVE-2017-5260 is a vulnerability with a CVSS score of 8.8 (HIGH). In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, although the option to access the configuration file is not available in the normal web administrative console for the 'user' accou...
How severe is CVE-2017-5260?
CVE-2017-5260 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-5260?
Check the references section above for vendor advisories and patch information. Affected products include: Cambiumnetworks Cnpilot R190V Firmware, Cambiumnetworks Cnpilot R190V, Cambiumnetworks Cnpilot E410 Firmware, Cambiumnetworks Cnpilot E410, Cambiumnetworks Cnpilot R190N Firmware.