Vulnerabilities > Cambiumnetworks > High

DATE CVE VULNERABILITY TITLE RISK
2023-12-18 CVE-2023-6691 Code Injection vulnerability in Cambiumnetworks Epmp Force 300-25 Firmware 4.7.0.1
Cambium ePMP Force 300-25 version 4.7.0.1 is vulnerable to a code injection vulnerability that could allow an attacker to perform remote code execution and gain root privileges.
local
low complexity
cambiumnetworks CWE-94
7.8
2023-09-29 CVE-2022-35908 Unspecified vulnerability in Cambiumnetworks Enterprise Wi-Fi
Cambium Enterprise Wi-Fi System Software before 6.4.2 does not sanitize the ping host argument in device-agent.
network
low complexity
cambiumnetworks
8.8
2022-05-17 CVE-2022-1356 Unspecified vulnerability in Cambiumnetworks Cnmaestro 2.4.2/3.0.0/3.0.3
cnMaestro is vulnerable to a local privilege escalation.
local
low complexity
cambiumnetworks
7.8
2022-05-17 CVE-2022-1358 Unspecified vulnerability in Cambiumnetworks Cnmaestro 2.4.2/3.0.0/3.0.3
The affected On-Premise is vulnerable to data exfiltration through improper neutralization of special elements used in an SQL command.
network
low complexity
cambiumnetworks
7.5
2022-05-17 CVE-2022-1359 Path Traversal vulnerability in Cambiumnetworks Cnmaestro 2.4.2/3.0.0/3.0.3
The affected On-Premise cnMaestro is vulnerable to an arbitrary file-write through improper limitation of a pathname to a restricted directory inside a specific route.
network
low complexity
cambiumnetworks CWE-22
7.5
2022-05-17 CVE-2022-1361 Unspecified vulnerability in Cambiumnetworks Cnmaestro 2.4.2/3.0.0/3.0.3
The affected On-Premise cnMaestro is vulnerable to a pre-auth data exfiltration through improper neutralization of special elements used in an SQL command.
network
low complexity
cambiumnetworks
7.5
2022-05-17 CVE-2022-1362 OS Command Injection vulnerability in Cambiumnetworks Cnmaestro 2.4.2/3.0.0/3.0.3
The affected On-Premise cnMaestro is vulnerable inside a specific route where a user can upload a crafted package to the system.
local
low complexity
cambiumnetworks CWE-78
7.3
2017-12-20 CVE-2017-5263 Cross-Site Request Forgery (CSRF) vulnerability in Cambiumnetworks products
Versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware lack CSRF controls that can mitigate the effects of CSRF attacks, which are most typically implemented as randomized per-session tokens associated with any web application function, especially destructive ones.
low complexity
cambiumnetworks CWE-352
8.0
2017-12-20 CVE-2017-5262 Information Exposure vulnerability in Cambiumnetworks products
In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, the SNMP read-only (RO) community string has access to sensitive information by OID reference.
low complexity
cambiumnetworks CWE-200
8.0
2017-12-20 CVE-2017-5261 Path Traversal vulnerability in Cambiumnetworks products
In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, the 'ping' and 'traceroute' functions of the web administrative console expose a file path traversal vulnerability, accessible to all authenticated users.
network
low complexity
cambiumnetworks CWE-22
8.8