CVE-2017-5257

Name of the Vulnerable Software and Affected Versions Cambium Networks ePMP firmware versions prior to 3.5

Description The issue allows an attacker who knows or guesses the SNMP read/write community string to insert XSS strings in certain SNMP OIDs, which will execute in the context of the currently logged-on user.

Recommendations For versions prior to 3.5, update to a version 3.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the SNMP read/write community string to minimize the risk of exploitation.