CVE-2017-5261

HIGH

Cambium Networks cnPilot <4.3.2-R4 - Path Traversal

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2017-5261. Includes Metasploit module auxiliary/admin/http/cnpilot_r_fpt.

AI-analyzed exploit summary This Metasploit module exploits a file path traversal vulnerability in Cambium cnPilot r200/r201 devices to read arbitrary files. It authenticates with provided credentials and sends a crafted HTTP request to traverse directories and retrieve the specified file.

Description

In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, the 'ping' and 'traceroute' functions of the web administrative console expose a file path traversal vulnerability, accessible to all authenticated users.

Exploits (1)

metasploit WORKING POC
rubypoc
https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/admin/http/cnpilot_r_fpt.rb

This Metasploit module exploits a file path traversal vulnerability in Cambium cnPilot r200/r201 devices to read arbitrary files. It authenticates with provided credentials and sends a crafted HTTP request to traverse directories and retrieve the specified file.

Classification
Working Poc 95%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: Cambium cnPilot r200/r201 (versions 4.3.3-R4 and prior)
Auth required
Prerequisites: Network access to the target device · Valid credentials for authentication
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Scores

CVSS v3 8.8
EPSS 0.0889
EPSS Percentile 94.5%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-22 CWE-472
Status published
Products (6)
Cambium Networks/cnPilot 4.3.2-R4 and prior
cambiumnetworks/cnpilot_e400_firmware < 4.3.2-r4
cambiumnetworks/cnpilot_e410_firmware < 4.3.2-r4
cambiumnetworks/cnpilot_e600_firmware < 4.3.2-r4
cambiumnetworks/cnpilot_r190n_firmware < 4.3.2-r4
cambiumnetworks/cnpilot_r190v_firmware < 4.3.2-r4
Published Dec 20, 2017
Tracked Since Feb 18, 2026