Path traversal

2017-12-2022:29:00

PRIOn knowledge base

www.prio-n.com

8.5 High

AI Score

Confidence

High

0.02 Low

EPSS

Percentile

89.0%

JSON

In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, the ‘ping’ and ‘traceroute’ functions of the web administrative console expose a file path traversal vulnerability, accessible to all authenticated users.

CPENameOperatorVersion
cnpilot_e400_firmwareeq<= 4.3.2-r4
cnpilot_e410_firmwareeq<= 4.3.2-r4
cnpilot_e600_firmwareeq<= 4.3.2-r4
cnpilot_r190n_firmwareeq<= 4.3.2-r4
cnpilot_r190v_firmwareeq<= 4.3.2-r4

Name	Operator	Version
cnpilot_e400_firmware	eq	<= 4.3.2-r4
cnpilot_e410_firmware	eq	<= 4.3.2-r4
cnpilot_e600_firmware	eq	<= 4.3.2-r4
cnpilot_r190n_firmware	eq	<= 4.3.2-r4
cnpilot_r190v_firmware	eq	<= 4.3.2-r4