CVE-2017-7918

MEDIUM

Cambium Networks Epmp 1000 Firmware - Improper Access Control

Title source: rule

Description

An Improper Access Control issue was discovered in Cambium Networks ePMP. After a valid user has used SNMP configuration export, an attacker is able to remotely trigger device configuration backups using specific MIBs. These backups lack proper access control and may allow access to sensitive information and possibly allow for configuration changes.

References (2)

[Third Party Advisory, US Government Resource] http://www.securityfocus.com/bid/99083

[Third Party Advisory, US Government Resource] https://ics-cert.us-cert.gov/advisories/ICSA-17-166-01

Scores

CVSS v3 6.8

EPSS 0.4223

EPSS Percentile 97.4%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:L

Details

CWE

CWE-284 CWE-269

Status published

Products (5)

cambium_networks/epmp_1000_firmware

cambium_networks/epmp_elevate_firmware

cambium_networks/epmp_2000_firmware

cambium_networks/epmp_1000_hotspot_firmware

n/a/Cambium Networks ePMP < Cambium Networks ePMP

Published Jun 21, 2017

Tracked Since Feb 18, 2026