CVE-2017-5261
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
20/12/2017
Last modified:
20/04/2025
Description
In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, the 'ping' and 'traceroute' functions of the web administrative console expose a file path traversal vulnerability, accessible to all authenticated users.
Impact
Base Score 3.x
8.80
Severity 3.x
HIGH
Base Score 2.0
4.00
Severity 2.0
MEDIUM
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:o:cambiumnetworks:cnpilot_r190v_firmware:*:*:*:*:*:*:*:* | 4.3.2-r4 (including) | |
cpe:2.3:h:cambiumnetworks:cnpilot_r190v:-:*:*:*:*:*:*:* | ||
cpe:2.3:o:cambiumnetworks:cnpilot_e410_firmware:*:*:*:*:*:*:*:* | 4.3.2-r4 (including) | |
cpe:2.3:h:cambiumnetworks:cnpilot_e410:-:*:*:*:*:*:*:* | ||
cpe:2.3:o:cambiumnetworks:cnpilot_r190n_firmware:*:*:*:*:*:*:*:* | 4.3.2-r4 (including) | |
cpe:2.3:h:cambiumnetworks:cnpilot_r190n:-:*:*:*:*:*:*:* | ||
cpe:2.3:o:cambiumnetworks:cnpilot_e400_firmware:*:*:*:*:*:*:*:* | 4.3.2-r4 (including) | |
cpe:2.3:h:cambiumnetworks:cnpilot_e400:-:*:*:*:*:*:*:* | ||
cpe:2.3:o:cambiumnetworks:cnpilot_e600_firmware:*:*:*:*:*:*:*:* | 4.3.2-r4 (including) | |
cpe:2.3:h:cambiumnetworks:cnpilot_e600:-:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page