Vulnerabilities > Cambiumnetworks > High

DATE | CVE | VULNERABILITY TITLE | RISK

2017-12-20 | CVE-2017-5260 | Incorrect Permission Assignment for Critical Resource vulnerability in Cambiumnetworks products | 8.8
In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, although the option to access the configuration file is not available in the normal web administrative console for the 'user' account, the configuration file is accessible via direct object reference (DOR) at http://<device-ip-or-hostname>/goform/down_cfg_file by this otherwise low-privilege 'user' account.
network | low complexity | cambiumnetworks | CWE-732

2017-12-20 | CVE-2017-5259 | Cleartext Transmission of Sensitive Information vulnerability in Cambiumnetworks products | 8.8
In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, an undocumented, root-privilege administration web shell is available using the HTTP path https://<device-ip-or-hostname>/adm/syscmd.asp.
network | low complexity | cambiumnetworks | CWE-319

2017-12-20 | CVE-2017-5255 | OS Command Injection vulnerability in Cambiumnetworks Epmp 1000 Firmware and Epmp 2000 Firmware | 8.8
In version 3.5 and prior of Cambium Networks ePMP firmware, a lack of input sanitization for certain parameters on the web management console allows any authenticated user (including the otherwise low-privilege readonly user) to inject shell meta-characters as part of a specially crafted POST request to the get_chart function and run OS-level commands, effectively as root.
network | low complexity | cambiumnetworks | CWE-78

2017-12-20 | CVE-2017-5254 | Improper Privilege Management vulnerability in Cambiumnetworks Epmp 1000 Firmware and Epmp 2000 Firmware | 8.8
In version 3.5 and prior of Cambium Networks ePMP firmware, the non-administrative users 'installer' and 'home' have the capability of changing passwords for other accounts, including admin, after disabling a client-side protection mechanism.
network | low complexity | cambiumnetworks | CWE-269