RSS   Vulnerabilities for 'Epmp 1000 firmware'   RSS

2017-12-20
 
CVE-2017-5258

CWE-79
 

 
In version 3.5 and prior of Cambium Networks ePMP firmware, an attacker who knows or can guess the RW community string can provide a URL for a configuration file over SNMP with XSS strings in certain SNMP OIDs, serve it via HTTP, and the affected device will perform a configuration restore using the attacker's supplied config file, including the inserted XSS strings.

 
 
CVE-2017-5257

CWE-79
 

 
In version 3.5 and prior of Cambium Networks ePMP firmware, an attacker who knows (or guesses) the SNMP read/write (RW) community string can insert XSS strings in certain SNMP OIDs which will execute in the context of the currently-logged on user.

 
 
CVE-2017-5256

CWE-79
 

 
In version 3.5 and prior of Cambium Networks ePMP firmware, all authenticated users have the ability to update the Device Name and System Description fields in the web administration console, and those fields are vulnerable to persistent cross-site scripting (XSS) injection.

 
 
CVE-2017-5255

CWE-77
 

 
In version 3.5 and prior of Cambium Networks ePMP firmware, a lack of input sanitation for certain parameters on the web management console allows any authenticated user (including the otherwise low-privilege readonly user) to inject shell meta-characters as part of a specially-crafted POST request to the get_chart function and run OS-level commands, effectively as root.

 
 
CVE-2017-5254

CWE-264
 

 
In version 3.5 and prior of Cambium Networks ePMP firmware, the non-administrative users 'installer' and 'home' have the capability of changing passwords for other accounts, including admin, after disabling a client-side protection mechanism.

 

 >>> Vendor: Cambiumnetworks 7 Products
Cnpilot e400 firmware
Cnpilot e410 firmware
Cnpilot e600 firmware
Cnpilot r190n firmware
Cnpilot r190v firmware
Epmp 1000 firmware
Epmp 2000 firmware


Copyright 2019, cxsecurity.com

 

Back to Top