CVE-2017-5263
Severity CVSS v4.0:
Pending analysis
Type:
CWE-352
Cross-Site Request Forgery (CSRF)
Publication date:
20/12/2017
Last modified:
20/04/2025
Description
Versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware lack CSRF controls that can mitigate the effects of CSRF attacks, which are most typically implemented as randomized per-session tokens associated with any web application function, especially destructive ones.
Impact
Base Score 3.x
8.00
Severity 3.x
HIGH
Base Score 2.0
5.40
Severity 2.0
MEDIUM
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:o:cambiumnetworks:cnpilot_r190v_firmware:*:*:*:*:*:*:*:* | 4.3.2-r4 (including) | |
cpe:2.3:h:cambiumnetworks:cnpilot_r190v:-:*:*:*:*:*:*:* | ||
cpe:2.3:o:cambiumnetworks:cnpilot_e410_firmware:*:*:*:*:*:*:*:* | 4.3.2-r4 (including) | |
cpe:2.3:h:cambiumnetworks:cnpilot_e410:-:*:*:*:*:*:*:* | ||
cpe:2.3:o:cambiumnetworks:cnpilot_r190n_firmware:*:*:*:*:*:*:*:* | 4.3.2-r4 (including) | |
cpe:2.3:h:cambiumnetworks:cnpilot_r190n:-:*:*:*:*:*:*:* | ||
cpe:2.3:o:cambiumnetworks:cnpilot_e400_firmware:*:*:*:*:*:*:*:* | 4.3.2-r4 (including) | |
cpe:2.3:h:cambiumnetworks:cnpilot_e400:-:*:*:*:*:*:*:* | ||
cpe:2.3:o:cambiumnetworks:cnpilot_e600_firmware:*:*:*:*:*:*:*:* | 4.3.2-r4 (including) | |
cpe:2.3:h:cambiumnetworks:cnpilot_e600:-:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page