cambium networks

Top products

The 15 most recently published vulnerabilities affecting cambium networks.

• CVE-2022-1362Cambium Networks cnMaestro OS Command Injection5.0May 17, 2022
• CVE-2022-1361Cambium Networks cnMaestro SQL Injection7.4May 17, 2022
• CVE-2022-1360Cambium Networks cnMaestro OS Command Injection8.2May 17, 2022
• CVE-2022-1359Cambium Networks cnMaestro Path Traversal5.7May 17, 2022
• CVE-2022-1358Cambium Networks cnMaestro SQL Injection5.9May 17, 2022
• CVE-2022-1356Cambium Networks cnMaestro use of Potentially Dangerous Function7.1May 17, 2022
• CVE-2022-1357Cambium Networks cnMaestro OS Command Injection9.8May 17, 2022
• CVE-2017-5259In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, an undocumented, root-privilege administration web shell is available using the HTTP path https://<device-ip-or-hostname>/adm/sy...8.8Dec 20, 2017
• CVE-2017-5256In version 3.5 and prior of Cambium Networks ePMP firmware, all authenticated users have the ability to update the Device Name and System Description fields in the web administration console, and t...5.4Dec 20, 2017
• CVE-2017-5254In version 3.5 and prior of Cambium Networks ePMP firmware, the non-administrative users 'installer' and 'home' have the capability of changing passwords for other accounts, including admin, after ...8.8Dec 20, 2017
• CVE-2017-5263Versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware lack CSRF controls that can mitigate the effects of CSRF attacks, which are most typically implemented as randomized per-session tok...8.0Dec 20, 2017
• CVE-2017-5255In version 3.5 and prior of Cambium Networks ePMP firmware, a lack of input sanitation for certain parameters on the web management console allows any authenticated user (including the otherwise lo...8.8Dec 20, 2017
• CVE-2017-5261In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, the 'ping' and 'traceroute' functions of the web administrative console expose a file path traversal vulnerability, accessible t...8.8Dec 20, 2017
• CVE-2017-5257In version 3.5 and prior of Cambium Networks ePMP firmware, an attacker who knows (or guesses) the SNMP read/write (RW) community string can insert XSS strings in certain SNMP OIDs which will execu...5.4Dec 20, 2017
• CVE-2017-5262In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, the SNMP read-only (RO) community string has access to sensitive information by OID reference.8.0Dec 20, 2017