Showing 1 - 1 of 1

CVE-2017-5260

Status Candidate

Overview

In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, although the option to access the configuration file is not available in the normal web administrative console for the 'user' account, the configuration file is accessible via direct object reference (DRO) at http://<device-ip-or-hostname>/goform/down_cfg_file by this otherwise low privilege 'user' account.

Related Files

Cambium CnPilot R200/r201 Login Scanner And Config Dump: Posted Sep 1, 2024; Authored by Karn Ganeshen | Site metasploit.com; This Metasploit module scans for Cambium cnPilot r200/r201 management login portal(s), attempts to identify valid credentials, and dump device configuration. The device has at least two (2) users - admin and user. Due to an access control vulnerability, it is possible for user account to access full device config. All information, including passwords, and keys, is stored insecurely, in clear-text form, thus allowing unauthorized admin access to any user.; tags | exploit; advisories | CVE-2017-5260; SHA-256 | d31132b302a58be7536cbcd0797d373163a704589e02303f4892827ccbf43ce2; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 270 files
indoushka 152 files
Jay Turla 150 files
Ubuntu 68 files
h00die 54 files
juan vazquez 43 files
sinn3r 41 files
H D Moore 31 files
Debian 27 files
Karn Ganeshen 23 files

File Archives

Systems

AIX (429)
Apple (2,104)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,117)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,567)
HPUX (880)
iOS (387)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,066)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,731)
Slackware (941)
Solaris (1,614)
SUSE (1,444)
Ubuntu (9,807)
UNIX (9,449)
UnixWare (187)
Windows (6,762)
Other

CVE-2017-5260

Overview

Related Files

File Archive:

September 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems