Information disclosure in Cambium Networks cnPilot



Risk: Low
Patch available: YES
Number of vulnerabilities: 1
CVE-ID: CVE-2017-5261
CWE-ID: CWE-22
Exploitation vector: Network
Public exploit: Public exploit code for vulnerability #1 is available.
Vulnerable software: cnPilot (Hardware solutions / Firmware)
Vendor: Cambium Networks

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) Path traversal

EUVDB-ID: #VU13429

Risk: Low

CVSSv4.0: 5.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:A/U:Clear]

CVE-ID: CVE-2017-5261

CWE-ID: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Exploit availability: Yes

Description

The vulnerability allows a remote authenticated attacker to obtain potentially sensitive information.

The vulnerability exists in the ping and traceroute functions of the web administrative console in Cambium Networks cnPilot. User-supplied input processed by the Readfile script is not sufficiently sanitized when a ping or traceroute command is issued. A remote authenticated attacker can send a specially crafted request containing directory traversal characters and gain access to sensitive information, such as the admin password of the device, which could result in a complete system compromise.
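
The class of flaw described above (CWE-22), as an added illustration that is not Cambium's code and is not taken from the vendor advisory: a file-read helper that trusts a caller-supplied name, next to a version that confines reads to one directory. The directory layout, file names and function names are assumptions constructed for the example.

```python
import os
import tempfile

class PathEscapeError(ValueError):
    """Requested name resolves outside the allowed directory."""

def read_unchecked(base_dir, name):
    # Weak pattern (CWE-22): the caller-supplied name is joined to the base
    # directory and opened as-is, so "../" segments or an absolute path
    # decide which file is actually read.
    with open(os.path.join(base_dir, name), "rb") as fh:
        return fh.read()

def read_confined(base_dir, name):
    # Hardened pattern: canonicalize both paths (resolving ".." and symlinks),
    # then require the resolved target to sit under the base directory.
    base = os.path.realpath(base_dir)
    target = os.path.realpath(os.path.join(base, name))
    if os.path.commonpath([base, target]) != base:
        raise PathEscapeError(name)
    with open(target, "rb") as fh:
        return fh.read()

def demo():
    # Constructed layout: results/ holds diagnostic output (hypothetical),
    # secret.conf sits one level above it.
    root = tempfile.mkdtemp()
    results = os.path.join(root, "results")
    os.mkdir(results)
    with open(os.path.join(results, "ping.out"), "wb") as fh:
        fh.write(b"4 packets transmitted\n")
    secret = os.path.join(root, "secret.conf")
    with open(secret, "wb") as fh:
        fh.write(b"constructed-secret\n")
    os.symlink(secret, os.path.join(results, "link.out"))
    outcome = {}
    for name in ["ping.out", "../secret.conf", secret, "link.out"]:
        try:
            read_confined(results, name)
            outcome[name] = "served"
        except PathEscapeError:
            outcome[name] = "rejected"
    # The unchecked helper returns the file outside results/ for the same input.
    leaked = read_unchecked(results, "../secret.conf")
    return outcome, leaked, secret

if __name__ == "__main__":
    print(demo()[0])
```

The check compares canonical paths rather than filtering for `../` in the string, so it also covers absolute paths and symlinks that point outside the directory.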

Mitigation

Update to version 4.3.4-R8.

Vulnerable software versions

cnPilot: All versions

External links

https://community.cambiumnetworks.com/t5/cnPilot-R-Series-Home-Small/12-19-2017-cnPilot-R200-201-secu...


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, a fully functional exploit for this vulnerability is available.


