CVE-2022-1359

CWE-22: IMPROPER LIMITATION OF A PATHNAME TO A RESTRICTED DIRECTORY ('PATH TRAVERSAL')
The affected On-Premise cnMaestro is vulnerable to an arbitrary file-write through improper limitation of a pathname to a restricted directory inside a specific route. If an attacker supplied path traversal charters (../) as part of a filename, the server will save the file where the attacker chooses. This could allow an attacker to write any data to any file in the server.

Risk Information

  • CVE ID
  • CVE-2022-1359
  • Vendor
  • Cambium Networks
  • Product
  • cnMaestro
  • CVSS v3
  • 5.7