Vulnerabilities > Cambiumnetworks > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-12-18 | CVE-2023-6691 | Code Injection vulnerability in Cambiumnetworks Epmp Force 300-25 Firmware 4.7.0.1 Cambium ePMP Force 300-25 version 4.7.0.1 is vulnerable to a code injection vulnerability that could allow an attacker to perform remote code execution and gain root privileges. | 7.8 |
2023-09-29 | CVE-2022-35908 | Unspecified vulnerability in Cambiumnetworks Enterprise Wi-Fi Cambium Enterprise Wi-Fi System Software before 6.4.2 does not sanitize the ping host argument in device-agent. | 8.8 |
2022-05-17 | CVE-2022-1356 | Unspecified vulnerability in Cambiumnetworks Cnmaestro 2.4.2/3.0.0/3.0.3 cnMaestro is vulnerable to a local privilege escalation. | 7.8 |
2022-05-17 | CVE-2022-1358 | Unspecified vulnerability in Cambiumnetworks Cnmaestro 2.4.2/3.0.0/3.0.3 The affected On-Premise is vulnerable to data exfiltration through improper neutralization of special elements used in an SQL command. | 7.5 |
2022-05-17 | CVE-2022-1359 | Path Traversal vulnerability in Cambiumnetworks Cnmaestro 2.4.2/3.0.0/3.0.3 The affected On-Premise cnMaestro is vulnerable to an arbitrary file-write through improper limitation of a pathname to a restricted directory inside a specific route. | 7.5 |
2022-05-17 | CVE-2022-1361 | Unspecified vulnerability in Cambiumnetworks Cnmaestro 2.4.2/3.0.0/3.0.3 The affected On-Premise cnMaestro is vulnerable to a pre-auth data exfiltration through improper neutralization of special elements used in an SQL command. | 7.5 |
2022-05-17 | CVE-2022-1362 | OS Command Injection vulnerability in Cambiumnetworks Cnmaestro 2.4.2/3.0.0/3.0.3 The affected On-Premise cnMaestro is vulnerable inside a specific route where a user can upload a crafted package to the system. | 7.3 |
2017-12-20 | CVE-2017-5263 | Cross-Site Request Forgery (CSRF) vulnerability in Cambiumnetworks products Versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware lack CSRF controls that can mitigate the effects of CSRF attacks, which are most typically implemented as randomized per-session tokens associated with any web application function, especially destructive ones. | 8.0 |
2017-12-20 | CVE-2017-5262 | Information Exposure vulnerability in Cambiumnetworks products In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, the SNMP read-only (RO) community string has access to sensitive information by OID reference. | 8.0 |
2017-12-20 | CVE-2017-5261 | Path Traversal vulnerability in Cambiumnetworks products In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, the 'ping' and 'traceroute' functions of the web administrative console expose a file path traversal vulnerability, accessible to all authenticated users. | 8.8 |