CVE-2017-5259

Name of the Vulnerable Software and Affected Versions Cambium Networks cnPilot firmware versions 4.3.2-R4 and prior

Description The issue concerns an undocumented, root-privilege administration web shell accessible via a specific HTTP path. This path is "https:///adm/syscmd.asp".

Recommendations For versions 4.3.2-R4 and prior, consider restricting access to the "/adm/syscmd.asp" endpoint until a patch is available. As a temporary workaround, limit exposure by disabling remote access to the administration interface if possible. At the moment, there is no information about a newer version that contains a fix for this vulnerability.