High severity8.8NVD Advisory· Published Dec 20, 2017· Updated May 13, 2026

CVE-2017-5260

Description

In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, although the option to access the configuration file is not available in the normal web administrative console for the 'user' account, the configuration file is accessible via direct object reference (DRO) at http://<device-ip-or-hostname>/goform/down_cfg_file by this otherwise low privilege 'user' account.

Affected products

Cambiumnetworks/Cnpilot E400 Firmware
cpe:2.3:o:cambiumnetworks:cnpilot_e400_firmware:*:*:*:*:*:*:*:*
Range: <=4.3.2-r4
Cambiumnetworks/Cnpilot E410 Firmware
cpe:2.3:o:cambiumnetworks:cnpilot_e410_firmware:*:*:*:*:*:*:*:*
Range: <=4.3.2-r4
Cambiumnetworks/Cnpilot E600 Firmware
cpe:2.3:o:cambiumnetworks:cnpilot_e600_firmware:*:*:*:*:*:*:*:*
Range: <=4.3.2-r4
Cambiumnetworks/Cnpilot R190n Firmware
cpe:2.3:o:cambiumnetworks:cnpilot_r190n_firmware:*:*:*:*:*:*:*:*
Range: <=4.3.2-r4
Cambiumnetworks/Cnpilot R190v Firmware
cpe:2.3:o:cambiumnetworks:cnpilot_r190v_firmware:*:*:*:*:*:*:*:*
Range: <=4.3.2-r4
Cambium Networks/cnPilotv5
Range: 4.3.2-R4 and prior

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

blog.rapid7.com/2017/12/19/r7-2017-25-cambium-epmp-and-cnpilot-multiple-vulnerabilities/nvdThird Party Advisory

News mentions

No linked articles in our index yet.

cvss	0.572
epss	0.027
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000