What the vulnerability does

01Description

Versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware lack CSRF controls that can mitigate the effects of CSRF attacks, which are most typically implemented as randomized per-session tokens associated with any web application function, especially destructive ones.

Key dates

02Disclosure timeline

December 20, 2017 CVE published
August 5, 2024 Record updated

Related vulnerabilities

04Related CVE