Details of VAR-201712-0219

ID

VAR-201712-0219

CVE

CVE-2017-5260

TITLE

Cambium Networks cnPilot Vulnerabilities related to environmental settings

Trust: 0.8

sources: JVNDB: JVNDB-2017-011734

DESCRIPTION

In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, although the option to access the configuration file is not available in the normal web administrative console for the 'user' account, the configuration file is accessible via direct object reference (DRO) at http://<device-ip-or-hostname>/goform/down_cfg_file by this otherwise low privilege 'user' account. Cambium Networks cnPilot Vulnerabilities related to environment settings exist in the firmware.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. CambiumNetworkscnPilot is a cloud-managed single-frequency router product from Cambium Networks Inc. There is a security vulnerability in CambiumNetworkscnPilot using 4.3.2-R4 and previous firmware. An attacker can use this vulnerability to gain access to the administrator's password with direct object references, which in turn controls the device and the entire WiFi network

Trust: 2.25

sources: NVD: CVE-2017-5260 // JVNDB: JVNDB-2017-011734 // CNVD: CNVD-2018-01040 // VULHUB: VHN-113463

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2018-01040

AFFECTED PRODUCTS

vendor:	cambiumnetworks	model:	cnpilot r190v	scope:	lte	version:	4.3.2-r4	Trust: 1.0
vendor:	cambiumnetworks	model:	cnpilot e600	scope:	lte	version:	4.3.2-r4	Trust: 1.0
vendor:	cambiumnetworks	model:	cnpilot e400	scope:	lte	version:	4.3.2-r4	Trust: 1.0
vendor:	cambiumnetworks	model:	cnpilot e410	scope:	lte	version:	4.3.2-r4	Trust: 1.0
vendor:	cambiumnetworks	model:	cnpilot r190n	scope:	lte	version:	4.3.2-r4	Trust: 1.0
vendor:	cambium	model:	cnpilot e400	scope:	-	version:	-	Trust: 0.8
vendor:	cambium	model:	cnpilot e410	scope:	-	version:	-	Trust: 0.8
vendor:	cambium	model:	cnpilot e600	scope:	-	version:	-	Trust: 0.8
vendor:	cambium	model:	cnpilot r190n	scope:	-	version:	-	Trust: 0.8
vendor:	cambium	model:	cnpilot r190v	scope:	-	version:	-	Trust: 0.8
vendor:	cambium	model:	networks cnpilot <=4.3.2-r4	scope:	-	version:	-	Trust: 0.6
vendor:	cambiumnetworks	model:	cnpilot r190v	scope:	eq	version:	4.3.2-r4	Trust: 0.6
vendor:	cambiumnetworks	model:	cnpilot e600	scope:	eq	version:	4.3.2-r4	Trust: 0.6
vendor:	cambiumnetworks	model:	cnpilot e410	scope:	eq	version:	4.3.2-r4	Trust: 0.6
vendor:	cambiumnetworks	model:	cnpilot r190n	scope:	eq	version:	4.3.2-r4	Trust: 0.6
vendor:	cambiumnetworks	model:	cnpilot e400	scope:	eq	version:	4.3.2-r4	Trust: 0.6

sources: CNVD: CNVD-2018-01040 // JVNDB: JVNDB-2017-011734 // CNNVD: CNNVD-201701-407 // NVD: CVE-2017-5260

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-5260
value:	HIGH
Trust: 1.0
NVD:	CVE-2017-5260
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2018-01040
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201701-407
value:	HIGH
Trust: 0.6
VULHUB:	VHN-113463
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2017-5260
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2018-01040
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-113463
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-5260
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2018-01040 // VULHUB: VHN-113463 // JVNDB: JVNDB-2017-011734 // CNNVD: CNNVD-201701-407 // NVD: CVE-2017-5260

PROBLEMTYPE DATA

problemtype:	CWE-732	Trust: 1.1
problemtype:	CWE-472	Trust: 1.0
problemtype:	CWE-16	Trust: 0.9

sources: VULHUB: VHN-113463 // JVNDB: JVNDB-2017-011734 // NVD: CVE-2017-5260

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201701-407

TYPE

configuration error

Trust: 0.6

sources: CNNVD: CNNVD-201701-407

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-011734

PATCH

title:	Top Page	url:	https://www.cambiumnetworks.com/	Trust: 0.8
title:	Patch for CambiumNetworkscnPilot Direct Object Reference Privilege Escalation Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/113519	Trust: 0.6
title:	Cambium Networks cnPilot Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=99613	Trust: 0.6

sources: CNVD: CNVD-2018-01040 // JVNDB: JVNDB-2017-011734 // CNNVD: CNNVD-201701-407

EXTERNAL IDS

db:	NVD	id:	CVE-2017-5260	Trust: 3.1
db:	JVNDB	id:	JVNDB-2017-011734	Trust: 0.8
db:	CNNVD	id:	CNNVD-201701-407	Trust: 0.7
db:	CNVD	id:	CNVD-2018-01040	Trust: 0.6
db:	VULHUB	id:	VHN-113463	Trust: 0.1

sources: CNVD: CNVD-2018-01040 // VULHUB: VHN-113463 // JVNDB: JVNDB-2017-011734 // CNNVD: CNNVD-201701-407 // NVD: CVE-2017-5260

REFERENCES

url:	https://blog.rapid7.com/2017/12/19/r7-2017-25-cambium-epmp-and-cnpilot-multiple-vulnerabilities/	Trust: 3.1
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-5260	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-5260	Trust: 0.8

sources: CNVD: CNVD-2018-01040 // VULHUB: VHN-113463 // JVNDB: JVNDB-2017-011734 // CNNVD: CNNVD-201701-407 // NVD: CVE-2017-5260

SOURCES

db:	CNVD	id:	CNVD-2018-01040
db:	VULHUB	id:	VHN-113463
db:	JVNDB	id:	JVNDB-2017-011734
db:	CNNVD	id:	CNNVD-201701-407
db:	NVD	id:	CVE-2017-5260

LAST UPDATE DATE

2025-04-20T23:38:21.307000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2018-01040	date:	2018-01-16T00:00:00
db:	VULHUB	id:	VHN-113463	date:	2019-10-09T00:00:00
db:	JVNDB	id:	JVNDB-2017-011734	date:	2018-01-25T00:00:00
db:	CNNVD	id:	CNNVD-201701-407	date:	2019-10-17T00:00:00
db:	NVD	id:	CVE-2017-5260	date:	2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2018-01040	date:	2018-01-16T00:00:00
db:	VULHUB	id:	VHN-113463	date:	2017-12-20T00:00:00
db:	JVNDB	id:	JVNDB-2017-011734	date:	2018-01-25T00:00:00
db:	CNNVD	id:	CNNVD-201701-407	date:	2017-01-17T00:00:00
db:	NVD	id:	CVE-2017-5260	date:	2017-12-20T22:29:00.557