CVE-2017-5261

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
20/12/2017
Last modified:
20/04/2025

Description

In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, the 'ping' and 'traceroute' functions of the web administrative console expose a file path traversal vulnerability, accessible to all authenticated users.

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:cambiumnetworks:cnpilot_r190v_firmware:*:*:*:*:*:*:*:* 4.3.2-r4 (including)
cpe:2.3:h:cambiumnetworks:cnpilot_r190v:-:*:*:*:*:*:*:*
cpe:2.3:o:cambiumnetworks:cnpilot_e410_firmware:*:*:*:*:*:*:*:* 4.3.2-r4 (including)
cpe:2.3:h:cambiumnetworks:cnpilot_e410:-:*:*:*:*:*:*:*
cpe:2.3:o:cambiumnetworks:cnpilot_r190n_firmware:*:*:*:*:*:*:*:* 4.3.2-r4 (including)
cpe:2.3:h:cambiumnetworks:cnpilot_r190n:-:*:*:*:*:*:*:*
cpe:2.3:o:cambiumnetworks:cnpilot_e400_firmware:*:*:*:*:*:*:*:* 4.3.2-r4 (including)
cpe:2.3:h:cambiumnetworks:cnpilot_e400:-:*:*:*:*:*:*:*
cpe:2.3:o:cambiumnetworks:cnpilot_e600_firmware:*:*:*:*:*:*:*:* 4.3.2-r4 (including)
cpe:2.3:h:cambiumnetworks:cnpilot_e600:-:*:*:*:*:*:*:*