CVE-2017-5257

Summary

In version 3.5 and prior of Cambium Networks ePMP firmware, an attacker who knows (or guesses) the SNMP read/write (RW) community string can insert XSS strings in certain SNMP OIDs which will execute in the context of the currently-logged on user.

Affected Software

VendorProductVersion RangeStatus
Cambium NetworksePMP3.5 and prioraffected

Weaknesses

  • CWE-79: CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'))

ADP Enrichment

CVE Program Container

Additional References

References