Cambium Networks cnMaestro 2.4.2 On Premises Edition
cpe:2.3:o:cambiumnetworks:cnmaestro:2.4.2:*:*:*:on_premises:*:*:*
part: o version: 2.4.2 update: *
| Vendor | Cambiumnetworks (e995f679-6116-5240-a372-1fb88b915694) |
|---|---|
| Product | Cnmaestro (9dd62e63-a5d2-5a52-8915-864375b437d3) |
| Edition | * |
| Language | * |
| Software edition | on_premises |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | | |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
| CVE:CVE-2022-1362 | vulnerable | 2026-06-03 14:45:58.616083 | Cambium Networks cnMaestro OS Command Injection<br>MEDIUM (5)<br>The affected On-Premise cnMaestro is vulnerable inside a specific route where a user can upload a crafted package to the system. An attacker could abuse this user-controlled data to execute arbitrary commands on the server.<br>Published: 2022-05-17T20:19:35.434Z<br>Updated: 2025-04-16T16:20:13.501Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2022-1361 | vulnerable | 2026-06-03 14:45:58.615532 | Cambium Networks cnMaestro SQL Injection<br>HIGH (7.4)<br>The affected On-Premise cnMaestro is vulnerable to a pre-auth data exfiltration through improper neutralization of special elements used in an SQL command. This could allow an attacker to exfiltrate data about other users’ accounts and devices.<br>Published: 2022-05-17T20:18:28.888Z<br>Updated: 2025-04-16T17:54:08.232Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2022-1360 | vulnerable | 2026-06-03 14:45:58.615006 | Cambium Networks cnMaestro OS Command Injection<br>HIGH (8.2)<br>The affected On-Premise cnMaestro is vulnerable to execution of code on the cnMaestro hosting server. This could allow a remote attacker to change server configuration settings.<br>Published: 2022-05-17T20:17:51.582Z<br>Updated: 2025-04-16T16:20:21.687Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2022-1359 | vulnerable | 2026-06-03 14:45:58.614488 | Cambium Networks cnMaestro Path Traversal<br>MEDIUM (5.7)<br>The affected On-Premise cnMaestro is vulnerable to an arbitrary file-write through improper limitation of a pathname to a restricted directory inside a specific route. If an attacker supplied path traversal characters (../) as part of a filename, the server will save the file where the attacker chooses. This could allow an attacker to write any data to any file in the server.<br>Published: 2022-05-17T20:15:55.669Z<br>Updated: 2025-04-16T16:20:28.857Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2022-1358 | vulnerable | 2026-06-03 14:45:58.613976 | Cambium Networks cnMaestro SQL Injection<br>MEDIUM (5.9)<br>The affected On-Premise is vulnerable to data exfiltration through improper neutralization of special elements used in an SQL command. This could allow an attacker to exfiltrate and dump all data held in the cnMaestro database.<br>Published: 2022-05-17T20:12:45.478Z<br>Updated: 2025-04-16T17:54:18.183Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2022-1357 | vulnerable | 2026-06-03 14:45:58.613444 | Cambium Networks cnMaestro OS Command Injection<br>CRITICAL (9.8)<br>The affected On-Premise cnMaestro allows an unauthenticated attacker to access the cnMaestro server and execute arbitrary code in the privileges of the web server. This lack of validation could allow an attacker to append arbitrary data to the logger command.<br>Published: 2022-05-17T20:10:59.652Z<br>Updated: 2025-04-16T16:20:45.656Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2022-1356 | vulnerable | 2026-06-03 14:45:58.611802 | Cambium Networks cnMaestro use of Potentially Dangerous Function<br>HIGH (7.1)<br>cnMaestro is vulnerable to a local privilege escalation. By default, a user does not have root privileges. However, a user can run scripts as sudo, which could allow an attacker to gain root privileges when running user scripts outside allowed commands.<br>Published: 2022-05-17T20:11:50.607Z<br>Updated: 2025-04-16T16:20:36.735Z | Imported from gcve-enriched-dumps CVE data |