Vulnerabilities > Cambiumnetworks > Cnpilot E600 > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-12-20 | CVE-2017-5263 | Cross-Site Request Forgery (CSRF) vulnerability in Cambiumnetworks products Versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware lack CSRF controls that can mitigate the effects of CSRF attacks, which are most typically implemented as randomized per-session tokens associated with any web application function, especially destructive ones. | 5.4 |
| 2017-12-20 | CVE-2017-5261 | Path Traversal vulnerability in Cambiumnetworks products In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, the 'ping' and 'traceroute' functions of the web administrative console expose a file path traversal vulnerability, accessible to all authenticated users. | 4.0 |