Vulnerability Description
Versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware lack CSRF controls that can mitigate the effects of CSRF attacks, which are most typically implemented as randomized per-session tokens associated with any web application function, especially destructive ones.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cambiumnetworks | Cnpilot R190V Firmware | <= 4.3.2-r4 |
| Cambiumnetworks | Cnpilot R190V | - |
| Cambiumnetworks | Cnpilot E410 Firmware | <= 4.3.2-r4 |
| Cambiumnetworks | Cnpilot E410 | - |
| Cambiumnetworks | Cnpilot R190N Firmware | <= 4.3.2-r4 |
| Cambiumnetworks | Cnpilot R190N | - |
| Cambiumnetworks | Cnpilot E400 Firmware | <= 4.3.2-r4 |
| Cambiumnetworks | Cnpilot E400 | - |
| Cambiumnetworks | Cnpilot E600 Firmware | <= 4.3.2-r4 |
| Cambiumnetworks | Cnpilot E600 | - |
Related Weaknesses (CWE)
References
- https://blog.rapid7.com/2017/12/19/r7-2017-25-cambium-epmp-and-cnpilot-multiple-Third Party Advisory
- https://blog.rapid7.com/2017/12/19/r7-2017-25-cambium-epmp-and-cnpilot-multiple-Third Party Advisory
FAQ
What is CVE-2017-5263?
CVE-2017-5263 is a vulnerability with a CVSS score of 8.0 (HIGH). Versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware lack CSRF controls that can mitigate the effects of CSRF attacks, which are most typically implemented as randomized per-session tokens...
How severe is CVE-2017-5263?
CVE-2017-5263 has been rated HIGH with a CVSS base score of 8.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-5263?
Check the references section above for vendor advisories and patch information. Affected products include: Cambiumnetworks Cnpilot R190V Firmware, Cambiumnetworks Cnpilot R190V, Cambiumnetworks Cnpilot E410 Firmware, Cambiumnetworks Cnpilot E410, Cambiumnetworks Cnpilot R190N Firmware.