What the vulnerability does

01 Description

In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, an undocumented, root-privilege administration web shell is available using the HTTP path https://<device-ip-or-hostname>/adm/syscmd.asp.
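An inventory check for the affected range stated above, as an added example that is not part of the original record or of Cambium's tooling. The version-string format (MAJOR.MINOR.PATCH with an optional -R<n> suffix), the ordering of a missing suffix, and the sample hostnames and versions are assumptions made for illustration.

```python
import re

# Last affected release, as stated in the description above.
LAST_AFFECTED = "4.3.2-R4"

# Assumption: versions look like MAJOR.MINOR.PATCH with an optional -R<n> suffix.
_VERSION_RE = re.compile(r"^\s*v?(\d+)\.(\d+)\.(\d+)(?:-R(\d+))?\s*$", re.IGNORECASE)


def parse_version(text):
    """Return (major, minor, patch, revision), or None if the string does not parse."""
    match = _VERSION_RE.match(text or "")
    if not match:
        return None
    major, minor, patch, rev = match.groups()
    # Assumption: a version without an -R suffix sorts before -R1 of the same release.
    return (int(major), int(minor), int(patch), int(rev or 0))


def classify(version_text):
    """'affected' if at or below 4.3.2-R4, 'not-affected' if newer, 'unknown' otherwise."""
    parsed = parse_version(version_text)
    if parsed is None:
        # Unparseable or missing versions are surfaced for manual review, not passed.
        return "unknown"
    return "affected" if parsed <= parse_version(LAST_AFFECTED) else "not-affected"


# Constructed inventory rows (hostname, reported firmware version); not real devices.
SAMPLE_INVENTORY = [
    ("ap-lobby", "4.3.2-R4"),
    ("ap-warehouse", "4.3.1-R1"),
    ("ap-office", "4.3.2-R5"),
    ("ap-lab", "4.3.2"),
    ("ap-spare", ""),
]


def audit(inventory):
    """Map each hostname to its classification."""
    return {host: classify(version) for host, version in inventory}


if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host:14} {status}")
```

Devices reported as `unknown` should be checked by hand rather than assumed unaffected.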

Key dates

02 Disclosure timeline

December 20, 2017: CVE published
August 5, 2024: Record updated