In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, although the option to access the configuration file is not available in the normal web administrative console for the 'user' account, the configuration file is accessible via direct object reference (DRO) at http://<device-ip-or-hostname>/goform/down_cfg_file by this otherwise low privilege 'user' account.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: rapid7

Published: 2017-12-20T22:00:00

Updated: 2024-08-05T14:55:35.713Z

Reserved: 2017-01-09T00:00:00

Link: CVE-2017-5260

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2017-12-20T22:29:00.557

Modified: 2024-11-21T03:27:23.103

Link: CVE-2017-5260

cve-icon Redhat

No data.