CVE-2017-7922

HIGH

Cambium Networks Epmp 1000 Firmware - Improper Privilege Management

Title source: rule

Description

An Improper Privilege Management issue was discovered in Cambium Networks ePMP. The privileges for SNMP community strings are not properly restricted, which may allow an attacker to gain access to sensitive information and possibly allow for configuration changes.

Exploits (1)

metasploit WORKING POC

by Karn Ganeshen · rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/snmp/epmp1000_snmp_loot.rb

View Code ZIP pw:eip

References (2)

[Third Party Advisory, US Government Resource] http://www.securityfocus.com/bid/99083

[Third Party Advisory, US Government Resource] https://ics-cert.us-cert.gov/advisories/ICSA-17-166-01

Scores

CVSS v3 7.6

EPSS 0.3810

EPSS Percentile 97.2%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L

Details

CWE

CWE-269

Status published

Products (5)

cambium_networks/epmp_1000_firmware

cambium_networks/epmp_1000_hotspot_firmware

cambium_networks/epmp_2000_firmware

cambium_networks/epmp_elevate_firmware

n/a/Cambium Networks ePMP Cambium Networks ePMP

Published Jun 21, 2017

Tracked Since Feb 18, 2026