Vendor scorecard
Cambium Networks
Cambium Networks security disclosure record — CVE volume, CVSS severity mix and product-category breakdown, sourced from the NIST NVD.
CPE: cambiumnetworks
Product families
2
Open in latest
5
Inferred — see methodology
Last disclosure
May 17, 2022
01
Product categories
2 trackedCVE volume, severity mix and the inferred latest shipping version per category.
| Category | CVEs | Volume | Severity mix | Open | Inferred latest |
|---|---|---|---|---|---|
| cnMaestroWireless LAN · Network Management & Monitoringcnmaestro | 7 | 0 | unknown | ||
| Access PointsWireless LANcnpilot_e410_firmware, cnpilot_r200_firmware | 5 | 5 | 4.3.2-r4LOW |
02
Recent CVEs
12 shownMost recently published, newest first. Each ID links to its NVD record.
| CVE | Severity | CVSS | Summary | Published |
|---|---|---|---|---|
| CVE-2022-1362(opens NVD record) | Medium | 5.0 | The affected On-Premise cnMaestro is vulnerable inside a specific route where a user can upload a crafted package to the system. An attacker could abuse this user-controlled data to execute arbitrary commands on the server. | May 17, 2022 |
| CVE-2022-1361(opens NVD record) | High | 7.4 | The affected On-Premise cnMaestro is vulnerable to a pre-auth data exfiltration through improper neutralization of special elements used in an SQL command. This could allow an attacker to exfiltrate data about other user’s accounts and devices. | May 17, 2022 |
| CVE-2022-1360(opens NVD record) | High | 8.2 | The affected On-Premise cnMaestro is vulnerable to execution of code on the cnMaestro hosting server. This could allow a remote attacker to change server configuration settings. | May 17, 2022 |
| CVE-2022-1359(opens NVD record) | Medium | 5.7 | The affected On-Premise cnMaestro is vulnerable to an arbitrary file-write through improper limitation of a pathname to a restricted directory inside a specific route. If an attacker supplied path traversal charters (../) as part of a filename, the server will save the file where the attacker chooses. This could allow an attacker to write any data to any file in the server. | May 17, 2022 |
| CVE-2022-1358(opens NVD record) | Medium | 5.9 | The affected On-Premise is vulnerable to data exfiltration through improper neutralization of special elements used in an SQL command. This could allow an attacker to exfiltrate and dump all data held in the cnMaestro database. | May 17, 2022 |
| CVE-2022-1357(opens NVD record) | Critical | 9.8 | The affected On-Premise cnMaestro allows an unauthenticated attacker to access the cnMaestro server and execute arbitrary code in the privileges of the web server. This lack of validation could allow an attacker to append arbitrary data to the logger command. | May 17, 2022 |
| CVE-2022-1356(opens NVD record) | High | 7.1 | cnMaestro is vulnerable to a local privilege escalation. By default, a user does not have root privileges. However, a user can run scripts as sudo, which could allow an attacker to gain root privileges when running user scripts outside allowed commands. | May 17, 2022 |
| CVE-2017-5263(opens NVD record) | High | 8.0 | Versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware lack CSRF controls that can mitigate the effects of CSRF attacks, which are most typically implemented as randomized per-session tokens associated with any web application function, especially destructive ones. | Dec 20, 2017 |
| CVE-2017-5262(opens NVD record) | High | 8.0 | In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, the SNMP read-only (RO) community string has access to sensitive information by OID reference. | Dec 20, 2017 |
| CVE-2017-5261(opens NVD record) | High | 8.8 | In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, the 'ping' and 'traceroute' functions of the web administrative console expose a file path traversal vulnerability, accessible to all authenticated users. | Dec 20, 2017 |
| CVE-2017-5260(opens NVD record) | High | 8.8 | In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, although the option to access the configuration file is not available in the normal web administrative console for the 'user' account, the configuration file is accessible via direct object reference (DRO) at http://<device-ip-or-hostname>/goform/down_cfg_file by this otherwise low privilege 'user' account. | Dec 20, 2017 |
| CVE-2017-5259(opens NVD record) | High | 8.8 | In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, an undocumented, root-privilege administration web shell is available using the HTTP path https://<device-ip-or-hostname>/adm/syscmd.asp. | Dec 20, 2017 |
12 CVEs · 2 product families