CVE-2017-5260 (GCVE-0-2017-5260)
Vulnerability from cvelistv5
Published
2017-12-20 22:00
Modified
2024-08-05 14:55
Severity ?
CWE
  • CWE-472 - (External Control of Assumed-Immutable Web Parameter)
Summary
In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, although the option to access the configuration file is not available in the normal web administrative console for the 'user' account, the configuration file is accessible via direct object reference (DRO) at http://<device-ip-or-hostname>/goform/down_cfg_file by this otherwise low privilege 'user' account.
References
Impacted products
Vendor Product Version
Cambium Networks cnPilot Version: 4.3.2-R4 and prior
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T14:55:35.713Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://blog.rapid7.com/2017/12/19/r7-2017-25-cambium-epmp-and-cnpilot-multiple-vulnerabilities/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "cnPilot",
          "vendor": "Cambium Networks",
          "versions": [
            {
              "status": "affected",
              "version": "4.3.2-R4 and prior"
            }
          ]
        }
      ],
      "datePublic": "2017-12-20T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, although the option to access the configuration file is not available in the normal web administrative console for the \u0027user\u0027 account, the configuration file is accessible via direct object reference (DRO) at http://\u003cdevice-ip-or-hostname\u003e/goform/down_cfg_file by this otherwise low privilege \u0027user\u0027 account."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-472",
              "description": "CWE-472 (External Control of Assumed-Immutable Web Parameter)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-12-20T21:57:01.000Z",
        "orgId": "9974b330-7714-4307-a722-5648477acda7",
        "shortName": "rapid7"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://blog.rapid7.com/2017/12/19/r7-2017-25-cambium-epmp-and-cnpilot-multiple-vulnerabilities/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@rapid7.com",
          "ID": "CVE-2017-5260",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "cnPilot",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "4.3.2-R4 and prior"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cambium Networks"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, although the option to access the configuration file is not available in the normal web administrative console for the \u0027user\u0027 account, the configuration file is accessible via direct object reference (DRO) at http://\u003cdevice-ip-or-hostname\u003e/goform/down_cfg_file by this otherwise low privilege \u0027user\u0027 account."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-472 (External Control of Assumed-Immutable Web Parameter)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://blog.rapid7.com/2017/12/19/r7-2017-25-cambium-epmp-and-cnpilot-multiple-vulnerabilities/",
              "refsource": "MISC",
              "url": "https://blog.rapid7.com/2017/12/19/r7-2017-25-cambium-epmp-and-cnpilot-multiple-vulnerabilities/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9974b330-7714-4307-a722-5648477acda7",
    "assignerShortName": "rapid7",
    "cveId": "CVE-2017-5260",
    "datePublished": "2017-12-20T22:00:00.000Z",
    "dateReserved": "2017-01-09T00:00:00.000Z",
    "dateUpdated": "2024-08-05T14:55:35.713Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.