CVSS: 7.8EPSS: 1%CPEs: 2EXPL: 0CVE-2023-6691 – Code Injection vulnerability in Cambium ePMP Force 300-25
https://notcve.org/view.php?id=CVE-2023-6691
18 Dec 2023 — Cambium ePMP Force 300-25 version 4.7.0.1 is vulnerable to a code injection vulnerability that could allow an attacker to perform remote code execution and gain root privileges. Cambium ePMP Force 300-25 versión 4.7.0.1 es afectado por una vulnerabilidad de inyección de código que podría permitir a un atacante realizar la ejecución remota de código y obtener privilegios de root. • https://www.cisa.gov/news-events/ics-advisories/icsa-23-348-01 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2022-35908
https://notcve.org/view.php?id=CVE-2022-35908
29 Sep 2023 — Cambium Enterprise Wi-Fi System Software before 6.4.2 does not sanitize the ping host argument in device-agent. Cambium Enterprise Wi-Fi System Software anterior a 6.4.2 no sanitiza el argumento del host de ping en el agente del dispositivo. • https://community.cambiumnetworks.com/t/enterprise-wi-fi-system-software-release-6-4-2/87229 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.3EPSS: 0%CPEs: 3EXPL: 0CVE-2022-1362 – Cambium Networks cnMaestro OS Command Injection
https://notcve.org/view.php?id=CVE-2022-1362
17 May 2022 — The affected On-Premise cnMaestro is vulnerable inside a specific route where a user can upload a crafted package to the system. An attacker could abuse this user-controlled data to execute arbitrary commands on the server. El cnMaestro On-Premise afectado es vulnerable dentro de una ruta específica en la que un usuario puede cargar un paquete diseñado en el sistema. Un atacante podría abusar de estos datos controlados por el usuario para ejecutar comandos arbitrarios en el servidor • https://www.cisa.gov/uscert/ics/advisories/icsa-22-132-04 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-1361 – Cambium Networks cnMaestro SQL Injection
https://notcve.org/view.php?id=CVE-2022-1361
17 May 2022 — The affected On-Premise cnMaestro is vulnerable to a pre-auth data exfiltration through improper neutralization of special elements used in an SQL command. This could allow an attacker to exfiltrate data about other user’s accounts and devices. El cnMaestro On-Premise afectado es vulnerable a una exfiltración de datos previa a una autenticación mediante una neutralización inapropiada de elementos especiales usados en un comando SQL. Esto podría permitir a un atacante exfiltrar datos sobre las cuentas y disp... • https://www.cisa.gov/uscert/ics/advisories/icsa-22-132-04 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 36%CPEs: 3EXPL: 0CVE-2022-1360 – Cambium Networks cnMaestro OS Command Injection
https://notcve.org/view.php?id=CVE-2022-1360
17 May 2022 — The affected On-Premise cnMaestro is vulnerable to execution of code on the cnMaestro hosting server. This could allow a remote attacker to change server configuration settings. El cnMaestro On-Premise afectado es vulnerable a una ejecución de código en el servidor de alojamiento de cnMaestro. Esto podría permitir a un atacante remoto cambiar los ajustes de configuración del servidor • https://www.cisa.gov/uscert/ics/advisories/icsa-22-132-04 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-1359 – Cambium Networks cnMaestro Path Traversal
https://notcve.org/view.php?id=CVE-2022-1359
17 May 2022 — The affected On-Premise cnMaestro is vulnerable to an arbitrary file-write through improper limitation of a pathname to a restricted directory inside a specific route. If an attacker supplied path traversal charters (../) as part of a filename, the server will save the file where the attacker chooses. This could allow an attacker to write any data to any file in the server. El cnMaestro On-Premise afectado es vulnerable a una escritura arbitraria de archivos mediante la limitación inapropiada de un nombre d... • https://www.cisa.gov/uscert/ics/advisories/icsa-22-132-04 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-1358 – Cambium Networks cnMaestro SQL Injection
https://notcve.org/view.php?id=CVE-2022-1358
17 May 2022 — The affected On-Premise is vulnerable to data exfiltration through improper neutralization of special elements used in an SQL command. This could allow an attacker to exfiltrate and dump all data held in the cnMaestro database. El On-Premise afectado es vulnerable a una exfiltración de datos mediante la neutralización inapropiada de elementos especiales usados en un comando SQL. Esto podría permitir a un atacante exfiltrar y volcar todos los datos contenidos en la base de datos de cnMaestro • https://www.cisa.gov/uscert/ics/advisories/icsa-22-132-04 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2022-1356 – Cambium Networks cnMaestro use of Potentially Dangerous Function
https://notcve.org/view.php?id=CVE-2022-1356
17 May 2022 — cnMaestro is vulnerable to a local privilege escalation. By default, a user does not have root privileges. However, a user can run scripts as sudo, which could allow an attacker to gain root privileges when running user scripts outside allowed commands. cnMaestro es vulnerable a una escalada de privilegios local. Por defecto, un usuario no presenta privilegios de root. Sin embargo, un usuario puede ejecutar scripts como sudo, lo que podría permitir a un atacante alcanzar privilegios de root cuando ejecute s... • https://www.cisa.gov/uscert/ics/advisories/icsa-22-132-04 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.8EPSS: 2%CPEs: 3EXPL: 0CVE-2022-1357 – Cambium Networks cnMaestro OS Command Injection
https://notcve.org/view.php?id=CVE-2022-1357
17 May 2022 — The affected On-Premise cnMaestro allows an unauthenticated attacker to access the cnMaestro server and execute arbitrary code in the privileges of the web server. This lack of validation could allow an attacker to append arbitrary data to the logger command. El cnMaestro On-Premise afectado permite a un atacante no autenticado acceder al servidor de cnMaestro y ejecutar código arbitrario con los privilegios del servidor web. Esta falta de comprobación podría permitir a un atacante añadir datos arbitrarios ... • https://www.cisa.gov/uscert/ics/advisories/icsa-22-132-04 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 6.1EPSS: 0%CPEs: 8EXPL: 1CVE-2020-9022
https://notcve.org/view.php?id=CVE-2020-9022
17 Feb 2020 — An issue was discovered on Xirrus XR520, XR620, XR2436, and XH2-120 devices. The cgi-bin/ViewPage.cgi user parameter allows XSS. Se detectó un problema en los dispositivos Xirrus XR520, XR620, XR2436 y XH2-120. El parámetro user del archivo cgi-bin/ViewPage.cgi permite un ataque de tipo XSS. • https://sku11army.blogspot.com/2020/01/xirrus-xirrus-wifi-xss.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •