CVE-2017-7922

HIGH

Cambium Networks ePMP - Improper Privilege Management via SNMP Community Strings

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2017-7922. PoCs published by Karn Ganeshen, including Metasploit module auxiliary/scanner/snmp/epmp1000_snmp_loot.

AI-analyzed exploit summary This Metasploit module exploits SNMP misconfigurations in Cambium ePMP devices to enumerate sensitive information, including credentials, encryption keys, and configuration details. It also triggers a configuration backup that can be downloaded without authentication.

Description

An Improper Privilege Management issue was discovered in Cambium Networks ePMP. The privileges for SNMP community strings are not properly restricted, which may allow an attacker to gain access to sensitive information and possibly allow for configuration changes.

Exploits (1)

metasploit WORKING POC

by Karn Ganeshen · rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/snmp/epmp1000_snmp_loot.rb

View Code ZIP pw:eip

This Metasploit module exploits SNMP misconfigurations in Cambium ePMP devices to enumerate sensitive information, including credentials, encryption keys, and configuration details. It also triggers a configuration backup that can be downloaded without authentication.

Classification

Working Poc 95%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Cambium ePMP 1000 (versions 3.5 and prior)

No auth needed

Prerequisites: SNMP access (read-only or read-write community strings) · Network connectivity to the target device

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1592 - Gather Victim Host Information

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Third Party Advisory, US Government Resource vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/99083

Third Party Advisory, US Government Resource x_refsource_misc

https://ics-cert.us-cert.gov/advisories/ICSA-17-166-01

Scores

CVSS v3 7.6

EPSS 0.0964

EPSS Percentile 94.9%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L

Details

CWE

CWE-269

Status published

Products (5)

cambium_networks/epmp_1000_firmware

cambium_networks/epmp_1000_hotspot_firmware

cambium_networks/epmp_2000_firmware

cambium_networks/epmp_elevate_firmware

n/a/Cambium Networks ePMP Cambium Networks ePMP

Published Jun 21, 2017

Tracked Since Feb 18, 2026