CVE-2017-5260

HIGH Year: 2017
CVSS v3 Score
8.8
High
CVSS v2 Score
9.0
Critical
Weakness Type
CWE-472
View all →

Vulnerability Description

In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, although the option to access the configuration file is not available in the normal web administrative console for the 'user' account, the configuration file is accessible via direct object reference (DRO) at http://<device-ip-or-hostname>/goform/down_cfg_file by this otherwise low privilege 'user' account.

Related Vulnerabilities

CVE-2017-5261

HIGH
CVSS:8.8(High)

In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, the 'ping' and 'traceroute' functions of the web administrative console expose a file path traversal vulnerability, accessible to a...

CWE-4722017

CVE-2021-27770

HIGH
CVSS:8.8(High)

The vulnerability was discovered within the “FaviconService”. The service takes a base64-encoded URL which is then requested by the webserver. We assume this service is used by the “meetings”-function...

CWE-4722021

CVE-2024-7025

HIGH
CVSS:8.8(High)

Integer overflow in Layout in Google Chrome prior to 129.0.6668.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

CWE-4722024

CVE-2025-0436

HIGH
CVSS:8.8(High)

Integer overflow in Skia in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

CWE-4722025

CVE-2025-47817

HIGH
CVSS:8.8(High)

In BlueWave Checkmate through 2.0.2 before b387eba, a profile edit request can include a role parameter.

CWE-4722025

CVE-2025-30236

HIGH
CVSS:8.6(High)

Shearwater SecurEnvoy SecurAccess Enrol before 9.4.515 allows authentication through only a six-digit TOTP code (skipping a password check) if an HTTP POST request contains a SESSION parameter.

CWE-4722025