Vulnerabilities (CVE)

Filtered by vendor Cambiumnetworks Subscribe
Total 21 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-35908 1 Cambiumnetworks 1 Enterprise Wi-fi 2024-09-23 N/A 8.8 HIGH
Cambium Enterprise Wi-Fi System Software before 6.4.2 does not sanitize the ping host argument in device-agent.
CVE-2023-6691 1 Cambiumnetworks 2 Epmp Force 300-25, Epmp Force 300-25 Firmware 2024-02-05 N/A 7.8 HIGH
Cambium ePMP Force 300-25 version 4.7.0.1 is vulnerable to a code injection vulnerability that could allow an attacker to perform remote code execution and gain root privileges.
CVE-2022-1356 1 Cambiumnetworks 1 Cnmaestro 2024-02-04 7.2 HIGH 7.8 HIGH
cnMaestro is vulnerable to a local privilege escalation. By default, a user does not have root privileges. However, a user can run scripts as sudo, which could allow an attacker to gain root privileges when running user scripts outside allowed commands.
CVE-2022-1358 1 Cambiumnetworks 1 Cnmaestro 2024-02-04 5.0 MEDIUM 7.5 HIGH
The affected On-Premise is vulnerable to data exfiltration through improper neutralization of special elements used in an SQL command. This could allow an attacker to exfiltrate and dump all data held in the cnMaestro database.
CVE-2022-1357 1 Cambiumnetworks 1 Cnmaestro 2024-02-04 7.5 HIGH 9.8 CRITICAL
The affected On-Premise cnMaestro allows an unauthenticated attacker to access the cnMaestro server and execute arbitrary code in the privileges of the web server. This lack of validation could allow an attacker to append arbitrary data to the logger command.
CVE-2022-1361 1 Cambiumnetworks 1 Cnmaestro 2024-02-04 5.0 MEDIUM 7.5 HIGH
The affected On-Premise cnMaestro is vulnerable to a pre-auth data exfiltration through improper neutralization of special elements used in an SQL command. This could allow an attacker to exfiltrate data about other user’s accounts and devices.
CVE-2022-1362 1 Cambiumnetworks 1 Cnmaestro 2024-02-04 9.3 HIGH 7.3 HIGH
The affected On-Premise cnMaestro is vulnerable inside a specific route where a user can upload a crafted package to the system. An attacker could abuse this user-controlled data to execute arbitrary commands on the server.
CVE-2022-1359 1 Cambiumnetworks 1 Cnmaestro 2024-02-04 5.0 MEDIUM 7.5 HIGH
The affected On-Premise cnMaestro is vulnerable to an arbitrary file-write through improper limitation of a pathname to a restricted directory inside a specific route. If an attacker supplied path traversal charters (../) as part of a filename, the server will save the file where the attacker chooses. This could allow an attacker to write any data to any file in the server.
CVE-2022-1360 1 Cambiumnetworks 1 Cnmaestro 2024-02-04 7.5 HIGH 9.8 CRITICAL
The affected On-Premise cnMaestro is vulnerable to execution of code on the cnMaestro hosting server. This could allow a remote attacker to change server configuration settings.
CVE-2020-9022 1 Cambiumnetworks 8 Xh2-120, Xh2-120 Firmware, Xr2436 and 5 more 2024-02-04 4.3 MEDIUM 6.1 MEDIUM
An issue was discovered on Xirrus XR520, XR620, XR2436, and XH2-120 devices. The cgi-bin/ViewPage.cgi user parameter allows XSS.
CVE-2017-5254 1 Cambiumnetworks 4 Epmp 1000, Epmp 1000 Firmware, Epmp 2000 and 1 more 2024-02-04 9.0 HIGH 8.8 HIGH
In version 3.5 and prior of Cambium Networks ePMP firmware, the non-administrative users 'installer' and 'home' have the capability of changing passwords for other accounts, including admin, after disabling a client-side protection mechanism.
CVE-2017-5262 1 Cambiumnetworks 10 Cnpilot E400, Cnpilot E400 Firmware, Cnpilot E410 and 7 more 2024-02-04 7.7 HIGH 8.0 HIGH
In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, the SNMP read-only (RO) community string has access to sensitive information by OID reference.
CVE-2017-5263 1 Cambiumnetworks 10 Cnpilot E400, Cnpilot E400 Firmware, Cnpilot E410 and 7 more 2024-02-04 5.4 MEDIUM 8.0 HIGH
Versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware lack CSRF controls that can mitigate the effects of CSRF attacks, which are most typically implemented as randomized per-session tokens associated with any web application function, especially destructive ones.
CVE-2017-5258 1 Cambiumnetworks 4 Epmp 1000, Epmp 1000 Firmware, Epmp 2000 and 1 more 2024-02-04 3.5 LOW 5.4 MEDIUM
In version 3.5 and prior of Cambium Networks ePMP firmware, an attacker who knows or can guess the RW community string can provide a URL for a configuration file over SNMP with XSS strings in certain SNMP OIDs, serve it via HTTP, and the affected device will perform a configuration restore using the attacker's supplied config file, including the inserted XSS strings.
CVE-2017-5256 1 Cambiumnetworks 4 Epmp 1000, Epmp 1000 Firmware, Epmp 2000 and 1 more 2024-02-04 3.5 LOW 5.4 MEDIUM
In version 3.5 and prior of Cambium Networks ePMP firmware, all authenticated users have the ability to update the Device Name and System Description fields in the web administration console, and those fields are vulnerable to persistent cross-site scripting (XSS) injection.
CVE-2017-5257 1 Cambiumnetworks 4 Epmp 1000, Epmp 1000 Firmware, Epmp 2000 and 1 more 2024-02-04 3.5 LOW 5.4 MEDIUM
In version 3.5 and prior of Cambium Networks ePMP firmware, an attacker who knows (or guesses) the SNMP read/write (RW) community string can insert XSS strings in certain SNMP OIDs which will execute in the context of the currently-logged on user.
CVE-2017-5261 1 Cambiumnetworks 10 Cnpilot E400, Cnpilot E400 Firmware, Cnpilot E410 and 7 more 2024-02-04 4.0 MEDIUM 8.8 HIGH
In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, the 'ping' and 'traceroute' functions of the web administrative console expose a file path traversal vulnerability, accessible to all authenticated users.
CVE-2017-5260 1 Cambiumnetworks 10 Cnpilot E400, Cnpilot E400 Firmware, Cnpilot E410 and 7 more 2024-02-04 9.0 HIGH 8.8 HIGH
In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, although the option to access the configuration file is not available in the normal web administrative console for the 'user' account, the configuration file is accessible via direct object reference (DRO) at http://<device-ip-or-hostname>/goform/down_cfg_file by this otherwise low privilege 'user' account.
CVE-2017-5255 1 Cambiumnetworks 4 Epmp 1000, Epmp 1000 Firmware, Epmp 2000 and 1 more 2024-02-04 9.0 HIGH 8.8 HIGH
In version 3.5 and prior of Cambium Networks ePMP firmware, a lack of input sanitation for certain parameters on the web management console allows any authenticated user (including the otherwise low-privilege readonly user) to inject shell meta-characters as part of a specially-crafted POST request to the get_chart function and run OS-level commands, effectively as root.
CVE-2017-5259 1 Cambiumnetworks 10 Cnpilot E400, Cnpilot E400 Firmware, Cnpilot E410 and 7 more 2024-02-04 9.0 HIGH 8.8 HIGH
In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, an undocumented, root-privilege administration web shell is available using the HTTP path https://<device-ip-or-hostname>/adm/syscmd.asp.