CVE-2017-5263

Severity CVSS v4.0:
Pending analysis
Type:
CWE-352 Cross-Site Request Forgery (CSRF)
Publication date:
20/12/2017
Last modified:
20/04/2025

Description

Versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware lack CSRF controls that can mitigate the effects of CSRF attacks, which are most typically implemented as randomized per-session tokens associated with any web application function, especially destructive ones.

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:cambiumnetworks:cnpilot_r190v_firmware:*:*:*:*:*:*:*:* 4.3.2-r4 (including)
cpe:2.3:h:cambiumnetworks:cnpilot_r190v:-:*:*:*:*:*:*:*
cpe:2.3:o:cambiumnetworks:cnpilot_e410_firmware:*:*:*:*:*:*:*:* 4.3.2-r4 (including)
cpe:2.3:h:cambiumnetworks:cnpilot_e410:-:*:*:*:*:*:*:*
cpe:2.3:o:cambiumnetworks:cnpilot_r190n_firmware:*:*:*:*:*:*:*:* 4.3.2-r4 (including)
cpe:2.3:h:cambiumnetworks:cnpilot_r190n:-:*:*:*:*:*:*:*
cpe:2.3:o:cambiumnetworks:cnpilot_e400_firmware:*:*:*:*:*:*:*:* 4.3.2-r4 (including)
cpe:2.3:h:cambiumnetworks:cnpilot_e400:-:*:*:*:*:*:*:*
cpe:2.3:o:cambiumnetworks:cnpilot_e600_firmware:*:*:*:*:*:*:*:* 4.3.2-r4 (including)
cpe:2.3:h:cambiumnetworks:cnpilot_e600:-:*:*:*:*:*:*:*