CVSS: 9.3EPSS: 0%CPEs: 3EXPL: 0CVE-2022-1362 – Cambium Networks cnMaestro OS Command Injection
https://notcve.org/view.php?id=CVE-2022-1362
17 May 2022 — The affected On-Premise cnMaestro is vulnerable inside a specific route where a user can upload a crafted package to the system. An attacker could abuse this user-controlled data to execute arbitrary commands on the server. El cnMaestro On-Premise afectado es vulnerable dentro de una ruta específica en la que un usuario puede cargar un paquete diseñado en el sistema. Un atacante podría abusar de estos datos controlados por el usuario para ejecutar comandos arbitrarios en el servidor • https://www.cisa.gov/uscert/ics/advisories/icsa-22-132-04 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-1361 – Cambium Networks cnMaestro SQL Injection
https://notcve.org/view.php?id=CVE-2022-1361
17 May 2022 — The affected On-Premise cnMaestro is vulnerable to a pre-auth data exfiltration through improper neutralization of special elements used in an SQL command. This could allow an attacker to exfiltrate data about other user’s accounts and devices. El cnMaestro On-Premise afectado es vulnerable a una exfiltración de datos previa a una autenticación mediante una neutralización inapropiada de elementos especiales usados en un comando SQL. Esto podría permitir a un atacante exfiltrar datos sobre las cuentas y disp... • https://www.cisa.gov/uscert/ics/advisories/icsa-22-132-04 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 36%CPEs: 3EXPL: 0CVE-2022-1360 – Cambium Networks cnMaestro OS Command Injection
https://notcve.org/view.php?id=CVE-2022-1360
17 May 2022 — The affected On-Premise cnMaestro is vulnerable to execution of code on the cnMaestro hosting server. This could allow a remote attacker to change server configuration settings. El cnMaestro On-Premise afectado es vulnerable a una ejecución de código en el servidor de alojamiento de cnMaestro. Esto podría permitir a un atacante remoto cambiar los ajustes de configuración del servidor • https://www.cisa.gov/uscert/ics/advisories/icsa-22-132-04 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-1359 – Cambium Networks cnMaestro Path Traversal
https://notcve.org/view.php?id=CVE-2022-1359
17 May 2022 — The affected On-Premise cnMaestro is vulnerable to an arbitrary file-write through improper limitation of a pathname to a restricted directory inside a specific route. If an attacker supplied path traversal charters (../) as part of a filename, the server will save the file where the attacker chooses. This could allow an attacker to write any data to any file in the server. El cnMaestro On-Premise afectado es vulnerable a una escritura arbitraria de archivos mediante la limitación inapropiada de un nombre d... • https://www.cisa.gov/uscert/ics/advisories/icsa-22-132-04 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-1358 – Cambium Networks cnMaestro SQL Injection
https://notcve.org/view.php?id=CVE-2022-1358
17 May 2022 — The affected On-Premise is vulnerable to data exfiltration through improper neutralization of special elements used in an SQL command. This could allow an attacker to exfiltrate and dump all data held in the cnMaestro database. El On-Premise afectado es vulnerable a una exfiltración de datos mediante la neutralización inapropiada de elementos especiales usados en un comando SQL. Esto podría permitir a un atacante exfiltrar y volcar todos los datos contenidos en la base de datos de cnMaestro • https://www.cisa.gov/uscert/ics/advisories/icsa-22-132-04 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2022-1356 – Cambium Networks cnMaestro use of Potentially Dangerous Function
https://notcve.org/view.php?id=CVE-2022-1356
17 May 2022 — cnMaestro is vulnerable to a local privilege escalation. By default, a user does not have root privileges. However, a user can run scripts as sudo, which could allow an attacker to gain root privileges when running user scripts outside allowed commands. cnMaestro es vulnerable a una escalada de privilegios local. Por defecto, un usuario no presenta privilegios de root. Sin embargo, un usuario puede ejecutar scripts como sudo, lo que podría permitir a un atacante alcanzar privilegios de root cuando ejecute s... • https://www.cisa.gov/uscert/ics/advisories/icsa-22-132-04 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.8EPSS: 2%CPEs: 3EXPL: 0CVE-2022-1357 – Cambium Networks cnMaestro OS Command Injection
https://notcve.org/view.php?id=CVE-2022-1357
17 May 2022 — The affected On-Premise cnMaestro allows an unauthenticated attacker to access the cnMaestro server and execute arbitrary code in the privileges of the web server. This lack of validation could allow an attacker to append arbitrary data to the logger command. El cnMaestro On-Premise afectado permite a un atacante no autenticado acceder al servidor de cnMaestro y ejecutar código arbitrario con los privilegios del servidor web. Esta falta de comprobación podría permitir a un atacante añadir datos arbitrarios ... • https://www.cisa.gov/uscert/ics/advisories/icsa-22-132-04 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •