PT-2017-16422 · Cambium Networks · Epmp

Karn Ganeshen

Published

2017-12-20

Updated

2019-10-09

CVE-2017-5254

CVSS v2.0

9.0

High

Vector

AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Cambium Networks ePMP firmware versions prior to 3.5

Description The issue allows non-administrative users, specifically 'installer' and 'home', to change passwords for other accounts, including administrative ones, by bypassing a client-side protection mechanism.

Recommendations For versions prior to 3.5, consider restricting access to the password change functionality for non-administrative users until a fix is available. As a temporary workaround, disable the ability for 'installer' and 'home' users to modify account passwords. Restrict access to the firmware configuration to minimize the risk of exploitation.

Exploit

Fix

Improper Access Control

Improper Privilege Management

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-284CWE-269

Related Identifiers

CVE-2017-5254

Affected Products

Epmp

PT-2017-16422 · Cambium Networks · Epmp

CVE-2017-5254

Weakness Enumeration

Related Identifiers

Affected Products

References · 4