Vulnerabilities > Cambiumnetworks > Cnpilot E400 Firmware > Medium

DATE CVE VULNERABILITY TITLE RISK
2017-12-20 CVE-2017-5263 Cross-Site Request Forgery (CSRF) vulnerability in Cambiumnetworks products
Versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware lack CSRF controls that can mitigate the effects of CSRF attacks, which are most typically implemented as randomized per-session tokens associated with any web application function, especially destructive ones.
5.4
2017-12-20 CVE-2017-5261 Path Traversal vulnerability in Cambiumnetworks products
In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, the 'ping' and 'traceroute' functions of the web administrative console expose a file path traversal vulnerability, accessible to all authenticated users.
network
low complexity
cambiumnetworks CWE-22
4.0