Cambiumnetworks Cnpilot_e400
5 CVEs affecting Cambiumnetworks Cnpilot_e400. Latest disclosed: 2017-12-20. Critical: 0, High: 5.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2017-5261 | High | 8.8 | 2017-12-20 | In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, the 'ping' and 'traceroute' functions of the web administrative console expose a file path… |
CVE-2017-5260 | High | 8.8 | 2017-12-20 | In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, although the option to access the configuration file is not available in the normal web ad… |
CVE-2017-5259 | High | 8.8 | 2017-12-20 | In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, an undocumented, root-privilege administration web shell is available using the HTTP path… |
CVE-2017-5263 | High | 8.0 | 2017-12-20 | Versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware lack CSRF controls that can mitigate the effects of CSRF attacks, which are most typically imp… |
CVE-2017-5262 | High | 8.0 | 2017-12-20 | In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, the SNMP read-only (RO) community string has access to sensitive information by OID refere… |