CVE-2017-5259

Summary

In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, an undocumented, root-privilege administration web shell is available using the HTTP path https://<device-ip-or-hostname>/adm/syscmd.asp.

Affected Software

VendorProductVersion RangeStatus
Cambium NetworkscnPilot4.3.2-R4 and prioraffected

Weaknesses

  • CWE-489: CWE-489 (Leftover Debug Code)

ADP Enrichment

CVE Program Container

Additional References

References