CVE-2017-5254

Name of the Vulnerable Software and Affected Versions Cambium Networks ePMP firmware versions prior to 3.5

Description The issue allows non-administrative users, specifically 'installer' and 'home', to change passwords for other accounts, including administrative ones, by bypassing a client-side protection mechanism.

Recommendations For versions prior to 3.5, consider restricting access to the password change functionality for non-administrative users until a fix is available. As a temporary workaround, disable the ability for 'installer' and 'home' users to modify account passwords. Restrict access to the firmware configuration to minimize the risk of exploitation.