CVE-2017-5261
Published 2017-12-20
Priority P262, high; 8.8 (CVSS 3.0)
AV:N / AC:L / PR:L / UI:N / S:U / C:H / I:H / A:H
EXPLOIT
EPSS: 8.89% (94.6th percentile)
In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, the 'ping' and 'traceroute' functions of the web administrative console expose a file path traversal vulnerability, accessible to all authenticated users.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cambium_networks | cnpilot | — | — |
| cambiumnetworks | cnpilot_e400_firmware | <= 4.3.2-r4 | — |
| cambiumnetworks | cnpilot_e410_firmware | <= 4.3.2-r4 | — |
| cambiumnetworks | cnpilot_e600_firmware | <= 4.3.2-r4 | — |
| cambiumnetworks | cnpilot_r190n_firmware | <= 4.3.2-r4 | — |
| cambiumnetworks | cnpilot_r190v_firmware | <= 4.3.2-r4 | — |
Detection & IOCs
- The file path traversal vulnerability is accessible to ALL authenticated users (not just admins) via the 'ping' and 'traceroute' functions of the web administrative console on Cambium cnPilot r200/r201 devices.
- Monitor HTTP requests to Cambium cnPilot web admin console targeting traceroute/ping form endpoints with path traversal sequences (e.g., ../../) in parameters, which can be used to read arbitrary files from the filesystem.
- The NVD advisory states affected versions as '4.3.2-R4 and prior', while the Metasploit module lists '4.3.3-R4 and prior'. Verify the exact boundary version against the vendor advisory before scoping detection.
- Exploitation requires authentication; detection should focus on authenticated sessions making anomalous traversal requests, not unauthenticated probes.
CVSS provenance
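| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 8.8 | HIGH | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 4.0 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:N/A:N |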