CVE-2022-1359 MEDIUM

CVE-2022-1359: Cambium Networks cnMaestro Path Traversal

Vendor Cambium Networks
Product cnMaestro
Weakness CWE-78
Published May 17, 2022
Last update April 16, 2025

CVSS base score

5.7/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction Required
Confidentiality None
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N

What the vulnerability does

01Description

The affected On-Premise cnMaestro is vulnerable to an arbitrary file-write through improper limitation of a pathname to a restricted directory inside a specific route. If an attacker supplied path traversal charters (../) as part of a filename, the server will save the file where the attacker chooses. This could allow an attacker to write any data to any file in the server.

Key dates

02Disclosure timeline

May 17, 2022 CVE published
April 16, 2025 Record updated