Known Vulnerabilities for products from Cambiumnetworks
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Cambiumnetworks".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs; each product links to its respective vulnerability page.
Additional device specifications by Cambiumnetworks can be found at device.report: Cambiumnetworks
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2022-35908 | Cambium Enterprise Wi-Fi System Software before 6.4.2 does not sanitize the ping host argument in device-agent. | 8.8 - HIGH | 2023-09-29 | 2023-10-10 |
| CVE-2022-1362 | The affected On-Premise cnMaestro is vulnerable inside a specific route where a user can upload a crafted package to the syst... | 7.3 - HIGH | 2022-05-17 | 2022-06-06 |
| CVE-2022-1361 | The affected On-Premise cnMaestro is vulnerable to a pre-auth data exfiltration through improper neutralization of special el... | 7.5 - HIGH | 2022-05-17 | 2022-06-07 |
| CVE-2022-1360 | The affected On-Premise cnMaestro is vulnerable to execution of code on the cnMaestro hosting server. This could allow a remo... | 9.8 - CRITICAL | 2022-05-17 | 2022-06-06 |
| CVE-2022-1359 | The affected On-Premise cnMaestro is vulnerable to an arbitrary file-write through improper limitation of a pathname to a res... | 7.5 - HIGH | 2022-05-17 | 2022-06-06 |
| CVE-2022-1358 | The affected On-Premise is vulnerable to data exfiltration through improper neutralization of special elements used in an SQL... | 7.5 - HIGH | 2022-05-17 | 2022-06-06 |
| CVE-2022-1357 | The affected On-Premise cnMaestro allows an unauthenticated attacker to access the cnMaestro server and execute arbitrary cod... | 9.8 - CRITICAL | 2022-05-17 | 2022-06-06 |
| CVE-2022-1356 | cnMaestro is vulnerable to a local privilege escalation. By default, a user does not have root privileges. However, a user ca... | 7.8 - HIGH | 2022-05-17 | 2022-06-06 |
| CVE-2020-9022 | An issue was discovered on Xirrus XR520, XR620, XR2436, and XH2-120 devices. The cgi-bin/ViewPage.cgi user parameter allows X... | 6.1 - MEDIUM | 2020-02-17 | 2020-02-19 |
| CVE-2017-5859 | On Cambium Networks cnPilot R200/201 devices before 4.3, there is a vulnerability involving the certificate of the device and... | 9.8 - CRITICAL | 2017-03-10 | 2021-05-11 |
| CVE-2017-5263 | Versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware lack CSRF controls that can mitigate the effects of CSRF att... | 8 - HIGH | 2017-12-20 | 2019-10-09 |
| CVE-2017-5262 | In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, the SNMP read-only (RO) community string has access to s... | 8 - HIGH | 2017-12-20 | 2019-10-09 |
| CVE-2017-5261 | In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, the 'ping' and 'traceroute' functions of the web adminis... | 8.8 - HIGH | 2017-12-20 | 2019-10-09 |
| CVE-2017-5260 | In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, although the option to access the configuration file is ... | 8.8 - HIGH | 2017-12-20 | 2019-10-09 |
| CVE-2017-5259 | In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, an undocumented, root-privilege administration web shell... | 8.8 - HIGH | 2017-12-20 | 2019-10-09 |
| CVE-2017-5258 | In version 3.5 and prior of Cambium Networks ePMP firmware, an attacker who knows or can guess the RW community string can pr... | 5.4 - MEDIUM | 2017-12-20 | 2019-10-09 |
| CVE-2017-5257 | In version 3.5 and prior of Cambium Networks ePMP firmware, an attacker who knows (or guesses) the SNMP read/write (RW) commu... | 5.4 - MEDIUM | 2017-12-20 | 2019-10-09 |
| CVE-2017-5256 | In version 3.5 and prior of Cambium Networks ePMP firmware, all authenticated users have the ability to update the Device Nam... | 5.4 - MEDIUM | 2017-12-20 | 2019-10-09 |
| CVE-2017-5255 | In version 3.5 and prior of Cambium Networks ePMP firmware, a lack of input sanitation for certain parameters on the web mana... | 8.8 - HIGH | 2017-12-20 | 2019-10-09 |
| CVE-2017-5254 | In version 3.5 and prior of Cambium Networks ePMP firmware, the non-administrative users 'installer' and 'home' have the capa... | 8.8 - HIGH | 2017-12-20 | 2019-10-09 |
Known software with vulnerabilities from Cambiumnetworks
| Type | Vendor | Product | Version |
|---|---|---|---|
| Hardware | Cambiumnetworks | Xh2-120 | - |
| Operating System | Cambiumnetworks | Xh2-120 Firmware | - |
| Hardware | Cambiumnetworks | Xr2436 | - |
| Operating System | Cambiumnetworks | Xr2436 Firmware | - |
| Hardware | Cambiumnetworks | Xr520 | - |
| Operating System | Cambiumnetworks | Xr520 Firmware | - |
| Hardware | Cambiumnetworks | Xr620 | - |
| Operating System | Cambiumnetworks | Xr620 Firmware | - |