#VU13429 Path traversal in cnPilot - CVE-2017-5261
Published: June 22, 2018 / Updated: June 25, 2018
Vulnerability identifier: #VU13429
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:A/U:Clear
CVE-ID: CVE-2017-5261
CWE-ID: CWE-22
Exploitation vector: Remote access
Exploit availability:
Public exploit is available
Vulnerable software:
cnPilot
cnPilot
Software vendor:
Cambium Networks
Cambium Networks
Description
The vulnerability allows a remote authenticated attacker to obtain potentially sensitive information.
The vulnerability exists in the ping and traceroute functions of the web administrative console in Cambium Networks cnPilot due to insufficient sanitization of user-supplied input processed by the Readfile script when a ping or traceroute command is issued. A remote attacker can send a specially crafted request that submits directory traversal characters and gain access to sensitive information, such as the admin password of the device, which could result in a complete system compromise.
Remediation
Update to version 4.3.4-R8.