Vulnerability Details CVE-2017-5258
In version 3.5 and prior of Cambium Networks ePMP firmware, an attacker who knows or can guess the RW community string can provide a URL for a configuration file over SNMP with XSS strings in certain SNMP OIDs, serve it via HTTP, and the affected device will perform a configuration restore using the attacker's supplied config file, including the inserted XSS strings.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 40.2%
CVSS Severity
CVSS v3 Score 5.4
CVSS v2 Score 3.5
References
Products affected by CVE-2017-5258
-
cpe:2.3:h:cambiumnetworks:epmp_1000:-
-
cpe:2.3:h:cambiumnetworks:epmp_2000:-
-
cpe:2.3:o:cambiumnetworks:epmp_1000_firmware:-
-
cpe:2.3:o:cambiumnetworks:epmp_1000_firmware:3.5
-
cpe:2.3:o:cambiumnetworks:epmp_2000_firmware:-
-
cpe:2.3:o:cambiumnetworks:epmp_2000_firmware:3.5