Vulnerability Description
In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, the 'ping' and 'traceroute' functions of the web administrative console expose a file path traversal vulnerability, accessible to all authenticated users.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cambiumnetworks | Cnpilot R190V Firmware | <= 4.3.2-r4 |
| Cambiumnetworks | Cnpilot R190V | - |
| Cambiumnetworks | Cnpilot E410 Firmware | <= 4.3.2-r4 |
| Cambiumnetworks | Cnpilot E410 | - |
| Cambiumnetworks | Cnpilot R190N Firmware | <= 4.3.2-r4 |
| Cambiumnetworks | Cnpilot R190N | - |
| Cambiumnetworks | Cnpilot E400 Firmware | <= 4.3.2-r4 |
| Cambiumnetworks | Cnpilot E400 | - |
| Cambiumnetworks | Cnpilot E600 Firmware | <= 4.3.2-r4 |
| Cambiumnetworks | Cnpilot E600 | - |
Related Weaknesses (CWE)
References
- https://blog.rapid7.com/2017/12/19/r7-2017-25-cambium-epmp-and-cnpilot-multiple-Third Party Advisory
- https://blog.rapid7.com/2017/12/19/r7-2017-25-cambium-epmp-and-cnpilot-multiple-Third Party Advisory
FAQ
What is CVE-2017-5261?
CVE-2017-5261 is a vulnerability with a CVSS score of 8.8 (HIGH). In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, the 'ping' and 'traceroute' functions of the web administrative console expose a file path traversal vulnerability, accessible to a...
How severe is CVE-2017-5261?
CVE-2017-5261 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-5261?
Check the references section above for vendor advisories and patch information. Affected products include: Cambiumnetworks Cnpilot R190V Firmware, Cambiumnetworks Cnpilot R190V, Cambiumnetworks Cnpilot E410 Firmware, Cambiumnetworks Cnpilot E410, Cambiumnetworks Cnpilot R190N Firmware.