PT-2017-16424 · Cambium Networks · Epmp
Karn Ganeshen
·
Publicado
2017-12-20
·
Atualizado
2019-10-09
·
CVE-2017-5256
CVSS v3.1
5.4
Média
| Vetor | AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Cambium Networks ePMP firmware versions prior to 3.5
Description
The issue allows all authenticated users to update the Device Name and System Description fields in the web administration console. These fields are vulnerable to persistent cross-site scripting (XSS) injection.
Recommendations
For versions prior to 3.5, update to version 3.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the web administration console to minimize the risk of exploitation. Avoid using the Device Name and System Description fields in the web administration console until the issue is resolved.
Correção
XSS
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Epmp