CVE-2017-5255

Name of the Vulnerable Software and Affected Versions Cambium Networks ePMP firmware versions prior to 3.5

Description The issue is related to a lack of input sanitation for certain parameters on the web management console. This allows any authenticated user, including low-privilege readonly users, to inject shell meta-characters as part of a specially-crafted POST request to the get chart function and run OS-level commands, effectively as root.

Recommendations For versions prior to 3.5, update to a version 3.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the web management console to minimize the risk of exploitation. Avoid using the get chart function until the issue is resolved.