Vulnerability in Cambium Networks Cnpilot
CVE-2017-5260
In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, although the option to access the configuration file is not available in the normal web administrative console for the 'user' account, the configuration file is accessibl…
EPSS: 0.334 (97.0th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 8.8 (High). Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.
Affected products
- Cambium Networks Cnpilot — versions 4.3.2-R4 and prior
- Cambiumnetworks Cnpilot_e400
- Cambiumnetworks Cnpilot_e400_firmware
- Cambiumnetworks Cnpilot_e410
- Cambiumnetworks Cnpilot_e410_firmware
- Cambiumnetworks Cnpilot_e600
- Cambiumnetworks Cnpilot_e600_firmware
- Cambiumnetworks Cnpilot_r190n
- Cambiumnetworks Cnpilot_r190n_firmware
- Cambiumnetworks Cnpilot_r190v
Weakness classification (CWE)
Public proof-of-concept exploits
References
- cve@rapid7.com (Third Party Advisory, x_refsource_MISC)
Frequently asked questions
- What is CVE-2017-5260?
- CVE-2017-5260 is a high-severity vulnerability in Cambium Networks Cnpilot, classified under CWE-472. CVSS score: 8.8/10. Published 2017-12-20.
- How severe is CVE-2017-5260?
- High severity. CVSS v3 base score is 8.8 out of 10.
- Is CVE-2017-5260 known to be exploited?
- 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.