Undocumented Root-Privilege Web Shell Vulnerability in Cambium Networks cnPilot Firmware

CVE-2017-5259 · HIGH Severity

CVSS v2 vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, an undocumented, root-privilege administration web shell is available using the HTTP path https://<device-ip-or-hostname>/adm/syscmd.asp.
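A detection sketch for the path named above, added here as an example and not taken from the advisory or from Cambium: it scans web access logs for requests to /adm/syscmd.asp after normalizing the request target. It assumes Combined Log Format lines from a proxy or gateway in front of the device; the function names and sample lines are constructed for illustration.

```python
import posixpath
import re
from urllib.parse import unquote, urlsplit

# Path named in the advisory (CVE-2017-5259).
SHELL_PATH = "/adm/syscmd.asp"

# Assumed input: Common/Combined Log Format, e.g. from a reverse proxy.
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3}) '
)


def normalize(target):
    """Reduce a request target to a canonical lower-case path."""
    path = urlsplit(target).path              # drop query string and fragment
    path = unquote(path)                      # decode percent-encoding
    path = posixpath.normpath(path.replace("\\", "/"))  # collapse ./ and ../
    return path.lower()                       # match regardless of case


def find_shell_access(lines):
    """Return (source, user, method, status) for each request to the shell path."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if m and normalize(m["target"]) == SHELL_PATH:
            hits.append((m["src"], m["user"], m["method"], int(m["status"])))
    return hits


# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE = [
    '192.0.2.10 - admin [12/Dec/2017:10:01:22 +0000] "GET /index.asp HTTP/1.1" 200 5120',
    '192.0.2.44 - admin [12/Dec/2017:10:03:09 +0000] "POST /adm/syscmd.asp HTTP/1.1" 200 312',
    '198.51.100.7 - - [12/Dec/2017:10:05:40 +0000] "GET /ADM/syscmd.asp?x=1 HTTP/1.1" 401 0',
    '192.0.2.10 - admin [12/Dec/2017:10:06:02 +0000] "GET /adm/status.asp HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for src, user, method, status in find_shell_access(SAMPLE):
        # A 2xx status from an authenticated user means the shell page was served.
        print(f"{src} user={user} {method} {SHELL_PATH} -> {status}")
```

Any hit with a 2xx status is worth reviewing, since the CVSS vector indicates the page is reachable by an authenticated user over the network.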
