Path traversal

2017-12-2022:29:00

PRIOn knowledge base

www.prio-n.com

8.7 High

AI Score

Confidence

High

0.027 Low

EPSS

Percentile

90.6%

JSON

In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, an undocumented, root-privilege administration web shell is available using the HTTP path https://<device-ip-or-hostname>/adm/syscmd.asp.

CPENameOperatorVersion
cnpilot_e400_firmwareeq<= 4.3.2-r4
cnpilot_e410_firmwareeq<= 4.3.2-r4
cnpilot_e600_firmwareeq<= 4.3.2-r4
cnpilot_r190n_firmwareeq<= 4.3.2-r4
cnpilot_r190v_firmwareeq<= 4.3.2-r4

Name	Operator	Version
cnpilot_e400_firmware	eq	<= 4.3.2-r4
cnpilot_e410_firmware	eq	<= 4.3.2-r4
cnpilot_e600_firmware	eq	<= 4.3.2-r4
cnpilot_r190n_firmware	eq	<= 4.3.2-r4
cnpilot_r190v_firmware	eq	<= 4.3.2-r4