CVE-2022-1361

HIGH

Cambium Networks cnMaestro - Unauthenticated SQL Injection

Title source: llm
STIX 2.1

Description

The affected On-Premise cnMaestro is vulnerable to a pre-auth data exfiltration through improper neutralization of special elements used in an SQL command. This could allow an attacker to exfiltrate data about other user’s accounts and devices.

References (1)

Core 1
Core References
Third Party Advisory, US Government Resource x_refsource_confirm
https://www.cisa.gov/uscert/ics/advisories/icsa-22-132-04

Scores

CVSS v3 7.4
EPSS 0.0090
EPSS Percentile 55.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-89
Status published
Products (3)
cambiumnetworks/cnmaestro 2.4.2
cambiumnetworks/cnmaestro 3.0.0
cambiumnetworks/cnmaestro 3.0.3
Published May 17, 2022
Tracked Since Feb 18, 2026