ID
VAR-E-201511-0003
TITLE
Cambium Networks ePMP 1000 Multiple Command Injection and Authorization Bypass Vulnerabilities
Trust: 0.3
DESCRIPTION
Cambium Networks ePMP 1000 is prone to multiple command-injection vulnerabilities and multiple authorization-bypass vulnerabilities.
Exploiting these issues could allow an attacker to execute arbitrary commands, or to bypass security restrictions and perform unauthorized actions to gain full control of the affected device. Failed exploit attempts will likely result in denial-of-service conditions.
Trust: 0.3
AFFECTED PRODUCTS
| vendor: | cambium | model: | networks epmp | scope: | eq | version: | 10000 | Trust: 0.3 |
| vendor: | cambium | model: | networks epmp | scope: | ne | version: | 10002.5 | Trust: 0.3 |
EXPLOIT
The researcher who discovered these issues has created a proof-of-concept. Please see the references for more information.
Trust: 0.3
PRICE
Free
Trust: 0.3
TYPE
Input Validation Error
Trust: 0.3
CREDITS
Karn Ganeshen
Trust: 0.3
EXTERNAL IDS
| db: | BID | id: | 77659 | Trust: 0.3 |
REFERENCES
| url: | http://seclists.org/fulldisclosure/2015/nov/85 | Trust: 0.3 |
| url: | http://www.cambiumnetworks.com/products/access/epmp-1000/ | Trust: 0.3 |
SOURCES
| db: | BID | id: | 77659 |
LAST UPDATE DATE
2022-07-27T09:42:36.582000+00:00
SOURCES UPDATE DATE
| db: | BID | id: | 77659 | date: | 2015-11-18T00:00:00 |
SOURCES RELEASE DATE
| db: | BID | id: | 77659 | date: | 2015-11-18T00:00:00 |