GCVE - cpe:2.3:o:cambiumnetworks:epmp_2000_firmware:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:o:cambiumnetworks:epmp_2000_firmware:*:*:*:*:*:*:*:*

part: o version: * update: *

Vendor	Cambiumnetworks (`e995f679-6116-5240-a372-1fb88b915694`)
Product	Epmp 2000 Firmware (`f395cc65-a66d-552e-80f6-0433528e8317`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2017-5258`	vulnerable	2026-06-03 14:37:18.776339	Details available In version 3.5 and prior of Cambium Networks ePMP firmware, an attacker who knows or can guess the RW community string can provide a URL for a configuration file over SNMP with XSS strings in certain SNMP OIDs, serve it via HTTP, and the affected device will perform a configuration restore using the attacker's supplied config file, including the inserted XSS strings. Published: 2017-12-20T22:00:00.000Z Updated: 2024-08-05T14:55:35.779Z Open on db.gcve.eu Reference links https://blog.rapid7.com/2017/12/19/r7-2017-25-cambium-epmp-and-cnpilot-multiple-vulnerabilities/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2017-5257`	vulnerable	2026-06-03 14:37:18.775972	Details available In version 3.5 and prior of Cambium Networks ePMP firmware, an attacker who knows (or guesses) the SNMP read/write (RW) community string can insert XSS strings in certain SNMP OIDs which will execute in the context of the currently-logged on user. Published: 2017-12-20T22:00:00.000Z Updated: 2024-08-05T14:55:35.818Z Open on db.gcve.eu Reference links https://blog.rapid7.com/2017/12/19/r7-2017-25-cambium-epmp-and-cnpilot-multiple-vulnerabilities/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2017-5256`	vulnerable	2026-06-03 14:37:18.775610	Details available In version 3.5 and prior of Cambium Networks ePMP firmware, all authenticated users have the ability to update the Device Name and System Description fields in the web administration console, and those fields are vulnerable to persistent cross-site scripting (XSS) injection. Published: 2017-12-20T22:00:00.000Z Updated: 2024-08-05T14:55:35.813Z Open on db.gcve.eu Reference links https://blog.rapid7.com/2017/12/19/r7-2017-25-cambium-epmp-and-cnpilot-multiple-vulnerabilities/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2017-5255`	vulnerable	2026-06-03 14:37:18.775220	Details available In version 3.5 and prior of Cambium Networks ePMP firmware, a lack of input sanitation for certain parameters on the web management console allows any authenticated user (including the otherwise low-privilege readonly user) to inject shell meta-characters as part of a specially-crafted POST request to the get_chart function and run OS-level commands, effectively as root. Published: 2017-12-20T22:00:00.000Z Updated: 2024-08-05T14:55:35.811Z Open on db.gcve.eu Reference links https://www.exploit-db.com/exploits/43413/ https://blog.rapid7.com/2017/12/19/r7-2017-25-cambium-epmp-and-cnpilot-multiple-vulnerabilities/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2017-5254`	vulnerable	2026-06-03 14:37:18.774149	Details available In version 3.5 and prior of Cambium Networks ePMP firmware, the non-administrative users 'installer' and 'home' have the capability of changing passwords for other accounts, including admin, after disabling a client-side protection mechanism. Published: 2017-12-20T22:00:00.000Z Updated: 2024-08-05T14:55:35.703Z Open on db.gcve.eu Reference links https://blog.rapid7.com/2017/12/19/r7-2017-25-cambium-epmp-and-cnpilot-multiple-vulnerabilities/	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.