Path traversal in cnPilot - CVE-2017-5261

 

Published: June 22, 2018 / Updated: June 25, 2018


Vulnerability identifier: #VU13429
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:A/U:Clear
CVE-ID: CVE-2017-5261
CWE-ID: CWE-22
Exploitation vector: Remote access
Exploit availability: Public exploit is available
Vendor: Cambium Networks
Affected software: cnPilot

Detailed vulnerability description

The vulnerability allows a remote authenticated attacker to obtain potentially sensitive information.

The vulnerability exists in the ping and traceroute functions of the web administrative console in Cambium Networks cnPilot. It is caused by insufficient sanitization of user-supplied input processed by the Readfile script when a ping or traceroute command is issued. A remote authenticated attacker can send a specially crafted request that submits directory traversal characters and gain access to sensitive information, such as the admin password of the device, which could result in a complete system compromise.
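The kind of check whose absence is described above, as an added example (not Cambium's code and not part of the original advisory): a file-reading handler that confines a user-supplied name to one directory by canonicalizing before it compares. The directory layout, file names and the functions `resolve_confined` and `read_result_file` are assumptions made for illustration.

```python
import os
import pathlib
import tempfile


class TraversalError(ValueError):
    """Raised when a requested name resolves outside the allowed directory."""


def resolve_confined(base_dir: str, user_name: str) -> str:
    """Return the canonical path for user_name, or raise if it escapes base_dir."""
    if "\x00" in user_name:
        raise TraversalError("NUL byte in file name")
    base = os.path.realpath(base_dir)
    # realpath collapses ".." and symlinks; an absolute name replaces base in join().
    candidate = os.path.realpath(os.path.join(base, user_name))
    if os.path.commonpath([base, candidate]) != base:
        raise TraversalError(f"{user_name!r} resolves outside {base}")
    return candidate


def read_result_file(base_dir: str, user_name: str) -> bytes:
    """Hypothetical handler: return a diagnostic result file selected by name."""
    with open(resolve_confined(base_dir, user_name), "rb") as fh:
        return fh.read()


def demo() -> dict:
    """Build a constructed directory tree and request benign and escaping names."""
    results = {}
    with tempfile.TemporaryDirectory() as root:
        out_dir = os.path.join(root, "diag")  # allowed directory (assumed layout)
        os.mkdir(out_dir)
        pathlib.Path(out_dir, "ping.txt").write_bytes(b"4 packets transmitted\n")
        secret = os.path.join(root, "secret.conf")  # stands in for device config
        pathlib.Path(secret).write_bytes(b"constructed-secret\n")
        os.symlink(secret, os.path.join(out_dir, "link.txt"))
        for label, name in (("plain", "ping.txt"), ("dotdot", "../secret.conf"),
                            ("symlink", "link.txt"), ("absolute", secret)):
            try:
                read_result_file(out_dir, name)
                results[label] = "served"
            except TraversalError:
                results[label] = "rejected"
    return results


if __name__ == "__main__":
    print(demo())
```

Comparing canonical paths instead of filtering substrings is what makes the symlink and absolute-path cases fail the same way as the `..` case.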


How to mitigate CVE-2017-5261

Update to version 4.3.4-R8.
