ePMP Firmware Version 3.5 and Prior: SNMP Community String XSS Vulnerability

ePMP Firmware Version 3.5 and Prior: SNMP Community String XSS Vulnerability

CVE-2017-5257 · LOW Severity

AV:N/AC:M/AU:S/C:N/I:P/A:N

In version 3.5 and prior of Cambium Networks ePMP firmware, an attacker who knows (or guesses) the SNMP read/write (RW) community string can insert XSS strings in certain SNMP OIDs which will execute in the context of the currently-logged on user.

Learn more about our Network Penetration Testing.