CVE-2017-5263
Published 2017-12-20
Priority P4 31 | high 8 CVSS 3.0
AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS: 0.30% (21.6th percentile)
Versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware lack CSRF controls that can mitigate the effects of CSRF attacks, which are most typically implemented as randomized per-session tokens associated with any web application function, especially destructive ones.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cambium_networks | cnpilot | — | — |
| cambiumnetworks | cnpilot_e400_firmware | <= 4.3.2-r4 | — |
| cambiumnetworks | cnpilot_e410_firmware | <= 4.3.2-r4 | — |
| cambiumnetworks | cnpilot_e600_firmware | <= 4.3.2-r4 | — |
| cambiumnetworks | cnpilot_r190n_firmware | <= 4.3.2-r4 | — |
| cambiumnetworks | cnpilot_r190v_firmware | <= 4.3.2-r4 | — |
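CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 8.0 | HIGH | CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 5.4 | MEDIUM | AV:A/AC:M/Au:N/C:P/I:P/A:P |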
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2017-12-20