CVE-2017-5260

Publication date

2017-12-20 22:00:00

Family

rapid7

State

PUBLISHED

Description

In Cambium Networks cnPilot firmware versions 4.3.2-R4 and prior, the normal web administrative console does not offer the user account an option to access the configuration file, yet this otherwise low-privilege account can still retrieve the file via direct object reference (DRO) at http://<device-address>/goform/down_cfg_file.