9

CVE-2017-5259

In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, an undocumented, root-privilege administration web shell is available using the HTTP path https://<device-ip-or-hostname>/adm/syscmd.asp.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
CambiumnetworksCnpilot R190v Firmware Version <= 4.3.2-r4
   CambiumnetworksCnpilot R190v Version-
CambiumnetworksCnpilot E410 Firmware Version <= 4.3.2-r4
   CambiumnetworksCnpilot E410 Version-
CambiumnetworksCnpilot R190n Firmware Version <= 4.3.2-r4
   CambiumnetworksCnpilot R190n Version-
CambiumnetworksCnpilot E400 Firmware Version <= 4.3.2-r4
   CambiumnetworksCnpilot E400 Version-
CambiumnetworksCnpilot E600 Firmware Version <= 4.3.2-r4
   CambiumnetworksCnpilot E600 Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 66.34% 0.985
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 8.8 2.8 5.9
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 9 8 10
AV:N/AC:L/Au:S/C:C/I:C/A:C
CWE-319 Cleartext Transmission of Sensitive Information

The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.

CWE-489 Active Debug Code

The product is deployed to unauthorized actors with debugging code still enabled or active, which can create unintended entry points or expose sensitive information.