Cross site request forgery (csrf)

2017-12-2022:29:00

PRIOn knowledge base

www.prio-n.com

7.9 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

21.4%

JSON

Versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware lack CSRF controls that can mitigate the effects of CSRF attacks, which are most typically implemented as randomized per-session tokens associated with any web application function, especially destructive ones.

CPENameOperatorVersion
cnpilot_e400_firmwareeq<= 4.3.2-r4
cnpilot_e410_firmwareeq<= 4.3.2-r4
cnpilot_e600_firmwareeq<= 4.3.2-r4
cnpilot_r190n_firmwareeq<= 4.3.2-r4
cnpilot_r190v_firmwareeq<= 4.3.2-r4

Name	Operator	Version
cnpilot_e400_firmware	eq	<= 4.3.2-r4
cnpilot_e410_firmware	eq	<= 4.3.2-r4
cnpilot_e600_firmware	eq	<= 4.3.2-r4
cnpilot_r190n_firmware	eq	<= 4.3.2-r4
cnpilot_r190v_firmware	eq	<= 4.3.2-r4