CVE-2017-5260

Published: Dec 20, 2017Modified: May 13, 2026

8.8

Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, although the option to access the configuration file is not available in the normal web administrative console for the 'user' account, the configuration file is accessible via direct object reference (DRO) at http://<device-ip-or-hostname>/goform/down_cfg_file by this otherwise low privilege 'user' account.

Affected (5)

Products: Cambiumnetworks: Cnpilot R190v Firmware, Cnpilot E410 Firmware, Cnpilot R190n Firmware, Cnpilot E400 Firmware, Cnpilot E600 Firmware

Cambiumnetworks

5 products

Cnpilot R190v Firmware

Cnpilot E410 Firmware

Cnpilot R190n Firmware

Cnpilot E400 Firmware

Cnpilot E600 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cambiumnetworks Cnpilot R190v Firmware	Up to 4.3.2-r4

Running on/with	Platform Versions
Cambiumnetworks Cnpilot R190v	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cambiumnetworks Cnpilot E410 Firmware	Up to 4.3.2-r4

Running on/with	Platform Versions
Cambiumnetworks Cnpilot E410	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cambiumnetworks Cnpilot R190n Firmware	Up to 4.3.2-r4

Running on/with	Platform Versions
Cambiumnetworks Cnpilot R190n	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cambiumnetworks Cnpilot E400 Firmware	Up to 4.3.2-r4

Running on/with	Platform Versions
Cambiumnetworks Cnpilot E400	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cambiumnetworks Cnpilot E600 Firmware	Up to 4.3.2-r4

Running on/with	Platform Versions
Cambiumnetworks Cnpilot E600	All versions

Related CWEs

CWE-472

External Control of Assumed-Immutable Web Parameter

The web application does not sufficiently verify inputs that are assumed to be immutable but are actually externally controllable, such as hidden form fields.

CWE-732

Incorrect Permission Assignment for Critical Resource

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

References (2)

https://blog.rapid7.com/2017/12/19/r7-2017-25-cambium-epmp-and-cnpilot-multiple-vulnerabilities/

Source: cve@rapid7.com

Third Party Advisory

https://blog.rapid7.com/2017/12/19/r7-2017-25-cambium-epmp-and-cnpilot-multiple-vulnerabilities/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.