Vulnerabilities > Cambiumnetworks
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-12-18 | CVE-2023-6691 | Code Injection vulnerability in Cambiumnetworks Epmp Force 300-25 Firmware 4.7.0.1 Cambium ePMP Force 300-25 version 4.7.0.1 is vulnerable to a code injection vulnerability that could allow an attacker to perform remote code execution and gain root privileges. | 7.8 |
| 2023-09-29 | CVE-2022-35908 | Unspecified vulnerability in Cambiumnetworks Enterprise Wi-Fi Cambium Enterprise Wi-Fi System Software before 6.4.2 does not sanitize the ping host argument in device-agent. | 8.8 |
| 2022-05-17 | CVE-2022-1356 | OS Command Injection vulnerability in Cambiumnetworks Cnmaestro 2.4.2/3.0.0/3.0.3 cnMaestro is vulnerable to a local privilege escalation. | 7.2 |
| 2022-05-17 | CVE-2022-1357 | OS Command Injection vulnerability in Cambiumnetworks Cnmaestro 2.4.2/3.0.0/3.0.3 The affected On-Premise cnMaestro allows an unauthenticated attacker to access the cnMaestro server and execute arbitrary code in the privileges of the web server. | 7.5 |
| 2022-05-17 | CVE-2022-1358 | SQL Injection vulnerability in Cambiumnetworks Cnmaestro 2.4.2/3.0.0/3.0.3 The affected On-Premise is vulnerable to data exfiltration through improper neutralization of special elements used in an SQL command. | 5.0 |
| 2022-05-17 | CVE-2022-1359 | Path Traversal vulnerability in Cambiumnetworks Cnmaestro 2.4.2/3.0.0/3.0.3 The affected On-Premise cnMaestro is vulnerable to an arbitrary file-write through improper limitation of a pathname to a restricted directory inside a specific route. | 5.0 |
| 2022-05-17 | CVE-2022-1360 | OS Command Injection vulnerability in Cambiumnetworks Cnmaestro 2.4.2/3.0.0/3.0.3 The affected On-Premise cnMaestro is vulnerable to execution of code on the cnMaestro hosting server. | 7.5 |
| 2022-05-17 | CVE-2022-1361 | SQL Injection vulnerability in Cambiumnetworks Cnmaestro 2.4.2/3.0.0/3.0.3 The affected On-Premise cnMaestro is vulnerable to a pre-auth data exfiltration through improper neutralization of special elements used in an SQL command. | 5.0 |
| 2022-05-17 | CVE-2022-1362 | OS Command Injection vulnerability in Cambiumnetworks Cnmaestro 2.4.2/3.0.0/3.0.3 The affected On-Premise cnMaestro is vulnerable inside a specific route where a user can upload a crafted package to the system. | 9.3 |
| 2020-02-17 | CVE-2020-9022 | Cross-site Scripting vulnerability in Cambiumnetworks products An issue was discovered on Xirrus XR520, XR620, XR2436, and XH2-120 devices. | 4.3 |