Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, although the option to access the configuration file is not available in the normal web administrative console for the 'user' account, the configuration file is accessible via direct object reference (DRO) at http://<device-ip-or-hostname>/goform/down_cfg_file by this otherwise low privilege 'user' account.
CVSS Information
N/A
Vulnerability Type
对假设不可变Web参数的外部可控制
Vulnerability Title
Cambium Networks cnPilot 安全漏洞
Vulnerability Description
Cambium Networks cnPilot是美国Cambium Networks公司的一款支持云管理单频路由器产品。 使用4.3.2-R4及之前版本固件的Cambium Networks cnPilot中存在安全漏洞。攻击者可借助直接的对象引用利用该漏洞获取管理员密码的访问权限,进而控制设备和整个WiFi网络。
CVSS Information
N/A
Vulnerability Type
N/A