Vulnerabilities > Cambiumnetworks

DATE CVE VULNERABILITY TITLE RISK
2023-12-18 CVE-2023-6691 Code Injection vulnerability in Cambiumnetworks Epmp Force 300-25 Firmware 4.7.0.1
Cambium ePMP Force 300-25 version 4.7.0.1 is vulnerable to a code injection vulnerability that could allow an attacker to perform remote code execution and gain root privileges.
local
low complexity
cambiumnetworks CWE-94
7.8
7.8
2023-09-29 CVE-2022-35908 Unspecified vulnerability in Cambiumnetworks Enterprise Wi-Fi
Cambium Enterprise Wi-Fi System Software before 6.4.2 does not sanitize the ping host argument in device-agent.
network
low complexity
cambiumnetworks
8.8
8.8
2022-05-17 CVE-2022-1356 OS Command Injection vulnerability in Cambiumnetworks Cnmaestro 2.4.2/3.0.0/3.0.3
cnMaestro is vulnerable to a local privilege escalation.
local
low complexity
cambiumnetworks CWE-78
7.8
7.8
2022-05-17 CVE-2022-1357 OS Command Injection vulnerability in Cambiumnetworks Cnmaestro 2.4.2/3.0.0/3.0.3
The affected On-Premise cnMaestro allows an unauthenticated attacker to access the cnMaestro server and execute arbitrary code in the privileges of the web server.
network
low complexity
cambiumnetworks CWE-78
critical
 9.8
9.8
2022-05-17 CVE-2022-1358 SQL Injection vulnerability in Cambiumnetworks Cnmaestro 2.4.2/3.0.0/3.0.3
The affected On-Premise is vulnerable to data exfiltration through improper neutralization of special elements used in an SQL command.
network
low complexity
cambiumnetworks CWE-89
7.5
7.5
2022-05-17 CVE-2022-1359 Path Traversal vulnerability in Cambiumnetworks Cnmaestro 2.4.2/3.0.0/3.0.3
The affected On-Premise cnMaestro is vulnerable to an arbitrary file-write through improper limitation of a pathname to a restricted directory inside a specific route.
network
low complexity
cambiumnetworks CWE-22
7.5
7.5
2022-05-17 CVE-2022-1360 OS Command Injection vulnerability in Cambiumnetworks Cnmaestro 2.4.2/3.0.0/3.0.3
The affected On-Premise cnMaestro is vulnerable to execution of code on the cnMaestro hosting server.
network
low complexity
cambiumnetworks CWE-78
critical
 9.8
9.8
2022-05-17 CVE-2022-1361 SQL Injection vulnerability in Cambiumnetworks Cnmaestro 2.4.2/3.0.0/3.0.3
The affected On-Premise cnMaestro is vulnerable to a pre-auth data exfiltration through improper neutralization of special elements used in an SQL command.
network
low complexity
cambiumnetworks CWE-89
7.5
7.5
2022-05-17 CVE-2022-1362 OS Command Injection vulnerability in Cambiumnetworks Cnmaestro 2.4.2/3.0.0/3.0.3
The affected On-Premise cnMaestro is vulnerable inside a specific route where a user can upload a crafted package to the system.
local
low complexity
cambiumnetworks CWE-78
7.3
7.3
2020-02-17 CVE-2020-9022 Cross-site Scripting vulnerability in Cambiumnetworks products
An issue was discovered on Xirrus XR520, XR620, XR2436, and XH2-120 devices.
network
low complexity
cambiumnetworks CWE-79
6.1
6.1