This exploit demonstrates an OS command injection vulnerability in Cambium Networks ePMP 1000 devices, allowing authenticated users (including low-privileged 'installer' and 'home' users) to execute arbitrary system commands via the Ping and Traceroute functions. The PoC includes HTTP requests that inject commands to dump the /etc/passwd file.
Classification
Working Poc 100%
Target:
Cambium Networks ePMP 1000 < v2.5
Auth required
Prerequisites:
Authenticated access as 'admin', 'installer', or 'home' user · Network access to the target device