PT-2017-16424 · Cambium Networks · Epmp
Karn Ganeshen
·
Published
2017-12-20
·
Updated
2019-10-09
·
CVE-2017-5256
CVSS v3.1
5.4
Medium
| Vector | AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Cambium Networks ePMP firmware versions prior to 3.5
Description
The issue allows all authenticated users to update the Device Name and System Description fields in the web administration console. These fields are vulnerable to persistent cross-site scripting (XSS) injection.
Recommendations
For versions prior to 3.5, update to version 3.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the web administration console to minimize the risk of exploitation. Avoid using the Device Name and System Description fields in the web administration console until the issue is resolved.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Epmp