Vulnerabilities > Cambiumnetworks > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-05-17 | CVE-2022-1358 | SQL Injection vulnerability in Cambiumnetworks Cnmaestro 2.4.2/3.0.0/3.0.3 The affected On-Premise is vulnerable to data exfiltration through improper neutralization of special elements used in an SQL command. | 5.0 |
| 2022-05-17 | CVE-2022-1359 | Path Traversal vulnerability in Cambiumnetworks Cnmaestro 2.4.2/3.0.0/3.0.3 The affected On-Premise cnMaestro is vulnerable to an arbitrary file-write through improper limitation of a pathname to a restricted directory inside a specific route. | 5.0 |
| 2022-05-17 | CVE-2022-1361 | SQL Injection vulnerability in Cambiumnetworks Cnmaestro 2.4.2/3.0.0/3.0.3 The affected On-Premise cnMaestro is vulnerable to a pre-auth data exfiltration through improper neutralization of special elements used in an SQL command. | 5.0 |
| 2020-02-17 | CVE-2020-9022 | Cross-site Scripting vulnerability in Cambiumnetworks products An issue was discovered on Xirrus XR520, XR620, XR2436, and XH2-120 devices. | 4.3 |
| 2017-12-20 | CVE-2017-5263 | Cross-Site Request Forgery (CSRF) vulnerability in Cambiumnetworks products Versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware lack CSRF controls that can mitigate the effects of CSRF attacks, which are most typically implemented as randomized per-session tokens associated with any web application function, especially destructive ones. | 5.4 |
| 2017-12-20 | CVE-2017-5261 | Path Traversal vulnerability in Cambiumnetworks products In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, the 'ping' and 'traceroute' functions of the web administrative console expose a file path traversal vulnerability, accessible to all authenticated users. | 4.0 |