ID

VAR-201712-0221


CVE

CVE-2017-5262


TITLE

Information disclosure vulnerability in Cambium Networks cnPilot

Trust: 0.8

sources: JVNDB: JVNDB-2017-011617

DESCRIPTION

In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, the SNMP read-only (RO) community string has access to sensitive information by OID reference. Cambium Networks cnPilot contains an information disclosure vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Cambium Networks cnPilot is a cloud-managed single-frequency router product from Cambium Networks Inc. A security vulnerability exists in Cambium Networks cnPilot running firmware 4.3.2-R4 and earlier. An attacker could exploit the vulnerability by referring to an object identifier to obtain sensitive information (username and password).

Trust: 2.25

sources: NVD: CVE-2017-5262 // JVNDB: JVNDB-2017-011617 // CNVD: CNVD-2018-01038 // VULHUB: VHN-113465

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2018-01038

AFFECTED PRODUCTS

vendor: cambiumnetworks, model: cnpilot e410, scope: lte, version: 4.3.2-r4

Trust: 1.0

vendor: cambiumnetworks, model: cnpilot r190v, scope: lte, version: 4.3.2-r4

Trust: 1.0

vendor: cambiumnetworks, model: cnpilot e400, scope: lte, version: 4.3.2-r4

Trust: 1.0

vendor: cambiumnetworks, model: cnpilot r190n, scope: lte, version: 4.3.2-r4

Trust: 1.0

vendor: cambiumnetworks, model: cnpilot e600, scope: lte, version: 4.3.2-r4

Trust: 1.0

vendor: cambium, model: cnpilot e400, scope: lte, version: 4.3.2-r4

Trust: 0.8

vendor: cambium, model: cnpilot e410, scope: lte, version: 4.3.2-r4

Trust: 0.8

vendor: cambium, model: cnpilot e600, scope: lte, version: 4.3.2-r4

Trust: 0.8

vendor: cambium, model: cnpilot r190n, scope: lte, version: 4.3.2-r4

Trust: 0.8

vendor: cambium, model: cnpilot r190v, scope: lte, version: 4.3.2-r4

Trust: 0.8

vendor: cambium, model: networks cnpilot <=4.3.2-r4, scope: -, version: -

Trust: 0.6

vendor: cambiumnetworks, model: cnpilot r190v, scope: eq, version: 4.3.2-r4

Trust: 0.6

vendor: cambiumnetworks, model: cnpilot e600, scope: eq, version: 4.3.2-r4

Trust: 0.6

vendor: cambiumnetworks, model: cnpilot e410, scope: eq, version: 4.3.2-r4

Trust: 0.6

vendor: cambiumnetworks, model: cnpilot r190n, scope: eq, version: 4.3.2-r4

Trust: 0.6

vendor: cambiumnetworks, model: cnpilot e400, scope: eq, version: 4.3.2-r4

Trust: 0.6

sources: CNVD: CNVD-2018-01038 // JVNDB: JVNDB-2017-011617 // CNNVD: CNNVD-201701-405 // NVD: CVE-2017-5262

CVSS

SEVERITY

nvd@nist.gov: CVE-2017-5262
value: HIGH

Trust: 1.0

NVD: CVE-2017-5262
value: HIGH

Trust: 0.8

CNVD: CNVD-2018-01038
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201701-405
value: HIGH

Trust: 0.6

VULHUB: VHN-113465
value: HIGH

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2017-5262
severity: HIGH
baseScore: 7.7
vectorString: AV:A/AC:L/AU:S/C:C/I:C/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 5.1
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2018-01038
severity: HIGH
baseScore: 7.7
vectorString: AV:A/AC:L/AU:S/C:C/I:C/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 5.1
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-113465
severity: HIGH
baseScore: 7.7
vectorString: AV:A/AC:L/AU:S/C:C/I:C/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 5.1
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2017-5262
baseSeverity: HIGH
baseScore: 8.0
vectorString: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.1
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2018-01038 // VULHUB: VHN-113465 // JVNDB: JVNDB-2017-011617 // CNNVD: CNNVD-201701-405 // NVD: CVE-2017-5262

PROBLEMTYPE DATA

problemtype: CWE-200

Trust: 1.9

sources: VULHUB: VHN-113465 // JVNDB: JVNDB-2017-011617 // NVD: CVE-2017-5262

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-201701-405

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201701-405

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-011617

PATCH

title: Top Page, url: https://www.cambiumnetworks.com/

Trust: 0.8

title: Cambium Networks cnPilot privilege escalation vulnerability patch, url: https://www.cnvd.org.cn/patchInfo/show/113527

Trust: 0.6

title: Cambium Networks cnPilot Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=99611

Trust: 0.6

sources: CNVD: CNVD-2018-01038 // JVNDB: JVNDB-2017-011617 // CNNVD: CNNVD-201701-405

EXTERNAL IDS

db: NVD, id: CVE-2017-5262

Trust: 3.1

db: JVNDB, id: JVNDB-2017-011617

Trust: 0.8

db: CNNVD, id: CNNVD-201701-405

Trust: 0.7

db: CNVD, id: CNVD-2018-01038

Trust: 0.6

db: VULHUB, id: VHN-113465

Trust: 0.1

sources: CNVD: CNVD-2018-01038 // VULHUB: VHN-113465 // JVNDB: JVNDB-2017-011617 // CNNVD: CNNVD-201701-405 // NVD: CVE-2017-5262

REFERENCES

url:https://blog.rapid7.com/2017/12/19/r7-2017-25-cambium-epmp-and-cnpilot-multiple-vulnerabilities/

Trust: 3.1

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-5262

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2017-5262

Trust: 0.8

sources: CNVD: CNVD-2018-01038 // VULHUB: VHN-113465 // JVNDB: JVNDB-2017-011617 // CNNVD: CNNVD-201701-405 // NVD: CVE-2017-5262

SOURCES

db: CNVD, id: CNVD-2018-01038
db: VULHUB, id: VHN-113465
db: JVNDB, id: JVNDB-2017-011617
db: CNNVD, id: CNNVD-201701-405
db: NVD, id: CVE-2017-5262

LAST UPDATE DATE

2024-11-23T22:59:08.532000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2018-01038, date: 2018-01-16T00:00:00
db: VULHUB, id: VHN-113465, date: 2019-10-09T00:00:00
db: JVNDB, id: JVNDB-2017-011617, date: 2018-01-23T00:00:00
db: CNNVD, id: CNNVD-201701-405, date: 2019-10-17T00:00:00
db: NVD, id: CVE-2017-5262, date: 2024-11-21T03:27:23.360

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2018-01038, date: 2018-01-16T00:00:00
db: VULHUB, id: VHN-113465, date: 2017-12-20T00:00:00
db: JVNDB, id: JVNDB-2017-011617, date: 2018-01-23T00:00:00
db: CNNVD, id: CNNVD-201701-405, date: 2017-01-17T00:00:00
db: NVD, id: CVE-2017-5262, date: 2017-12-20T22:29:00.637