CVE-2017-5259

Description

In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, an undocumented, root-privilege administration web shell is available using the HTTP path https://<device-ip-or-hostname>/adm/syscmd.asp.

Related CPE's

ocambiumnetworkscnpilot_r190v_firmware********

hcambiumnetworkscnpilot_r190v-*******

ocambiumnetworkscnpilot_e410_firmware********

hcambiumnetworkscnpilot_e410-*******

ocambiumnetworkscnpilot_r190n_firmware********

hcambiumnetworkscnpilot_r190n-*******

ocambiumnetworkscnpilot_e400_firmware********

hcambiumnetworkscnpilot_e400-*******

ocambiumnetworkscnpilot_e600_firmware********

hcambiumnetworkscnpilot_e600-*******

References

https://blog.rapid7.com/2017/12/19/r7-2017-25-cambium-epmp-and-cnpilot-multiple-vulnerabilities/

Third Party Advisory

CvssV3 impact

BaseSeverity

HIGH

ConfidentialityImpact

HIGH

AttackComplexity

LOW

Scope

UNCHANGED

AttackVector

NETWORK

AvailabilityImpact

HIGH

IntegrityImpact

HIGH

PrivilegesRequired

LOW

BaseScore

8.8

VectorString

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Version

3.0

UserInteraction

NONE

CvssV2 impact

Version

2.0

VectorString

AV:N/AC:L/Au:S/C:C/I:C/A:C

AccessVector

NETWORK

AccessComplexity

LOW

Authentication

SINGLE

ConfidentialityImpact

COMPLETE

IntegrityImpact

COMPLETE

AvailabilityImpact

COMPLETE

BaseScore

9

Created by Yello
About Severity.io