High severity8.0NVD Advisory· Published Dec 20, 2017· Updated May 13, 2026

CVE-2017-5263

Description

Versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware lack CSRF controls that can mitigate the effects of CSRF attacks, which are most typically implemented as randomized per-session tokens associated with any web application function, especially destructive ones.

Affected products

Cambiumnetworks/Cnpilot E400 Firmware
cpe:2.3:o:cambiumnetworks:cnpilot_e400_firmware:*:*:*:*:*:*:*:*
Range: <=4.3.2-r4
Cambiumnetworks/Cnpilot E410 Firmware
cpe:2.3:o:cambiumnetworks:cnpilot_e410_firmware:*:*:*:*:*:*:*:*
Range: <=4.3.2-r4
Cambiumnetworks/Cnpilot E600 Firmware
cpe:2.3:o:cambiumnetworks:cnpilot_e600_firmware:*:*:*:*:*:*:*:*
Range: <=4.3.2-r4
Cambiumnetworks/Cnpilot R190n Firmware
cpe:2.3:o:cambiumnetworks:cnpilot_r190n_firmware:*:*:*:*:*:*:*:*
Range: <=4.3.2-r4
Cambiumnetworks/Cnpilot R190v Firmware
cpe:2.3:o:cambiumnetworks:cnpilot_r190v_firmware:*:*:*:*:*:*:*:*
Range: <=4.3.2-r4
Cambium Networks/cnPilotv5
Range: 4.3.2-R4 and prior

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

blog.rapid7.com/2017/12/19/r7-2017-25-cambium-epmp-and-cnpilot-multiple-vulnerabilities/nvdThird Party Advisory

News mentions

No linked articles in our index yet.

cvss	0.520
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000