Lack of CSRF Controls in Cambium Networks cnPilot Firmware Versions 4.3.2-R4 and Prior

CVE-2017-5263 · MEDIUM Severity

AV:A/AC:M/AU:N/C:P/I:P/A:P

Versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware lack controls to mitigate the effects of CSRF attacks. Such controls are most typically implemented as randomized per-session tokens associated with any web application function, especially destructive ones.
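The per-session token control described above, sketched as an added example; this is not Cambium's code or part of the original advisory. The `Sessions` class, its method names and the sample requests are hypothetical and constructed for illustration.

```python
import hmac
import secrets

SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}  # must never change device state


class Sessions:
    """In-memory session table, constructed for this example."""

    def __init__(self):
        self._csrf = {}  # session id -> CSRF token

    def login(self):
        # Both values are unpredictable; only the session id lives in the cookie.
        sid = secrets.token_urlsafe(32)
        self._csrf[sid] = secrets.token_urlsafe(32)
        return sid

    def token_for(self, sid):
        # Embedded in forms the UI renders, so only same-origin pages can read it.
        return self._csrf[sid]

    def allow(self, method, sid, submitted_token=None):
        expected = self._csrf.get(sid)
        if expected is None:
            return False  # unknown or expired session
        if method.upper() in SAFE_METHODS:
            return True
        if not submitted_token:
            return False  # a session cookie alone is not proof of intent
        # Constant-time comparison avoids leaking the token through timing.
        return hmac.compare_digest(expected.encode(), submitted_token.encode())


def demo():
    s = Sessions()
    admin, other = s.login(), s.login()
    return {
        "get_no_token": s.allow("GET", admin),
        "post_with_token": s.allow("POST", admin, s.token_for(admin)),
        "post_cookie_only": s.allow("POST", admin),
        "post_other_sessions_token": s.allow("POST", admin, s.token_for(other)),
    }


if __name__ == "__main__":
    for case, allowed in demo().items():
        print(f"{case}: {'allowed' if allowed else 'rejected'}")
```

The check only helps if every state-changing function is reachable solely through non-safe methods, so that none of them can be triggered by a plain GET.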