CVE-2017-7918
MEDIUMCambium Networks ePMP - Improper Access Control via SNMP Configuration Export
Title source: llmDescription
An Improper Access Control issue was discovered in Cambium Networks ePMP. After a valid user has used SNMP configuration export, an attacker is able to remotely trigger device configuration backups using specific MIBs. These backups lack proper access control and may allow access to sensitive information and possibly allow for configuration changes.
References (2)
Core 2
Core References
Third Party Advisory, US Government Resource vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/99083
Third Party Advisory, US Government Resource x_refsource_misc
https://ics-cert.us-cert.gov/advisories/ICSA-17-166-01
Scores
CVSS v3
6.8
EPSS
0.0665
EPSS Percentile
93.0%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:L
Details
CWE
CWE-269
CWE-284
Status
published
Products (5)
cambium_networks/epmp_1000_firmware
cambium_networks/epmp_1000_hotspot_firmware
cambium_networks/epmp_2000_firmware
cambium_networks/epmp_elevate_firmware
n/a/Cambium Networks ePMP
Cambium Networks ePMP
Published
Jun 21, 2017
Tracked Since
Feb 18, 2026