Details of VAR-201511-0406

ID

VAR-201511-0406

TITLE

Cambium Networks ePMP 1000 Authentication Bypass Vulnerability

Trust: 0.8

sources: IVD: ecaa8e37-57c5-48e7-8686-ce0be3141823 // CNVD: CNVD-2015-08295

DESCRIPTION

An attacker can exploit the vulnerability to execute arbitrary commands. Cambium Networks ePMP 1000 is a wireless network access platform from Cambium Networks. The platform provides features such as video surveillance, Wi-Fi hotspots, and sensor connectivity. Cambium Networks ePMP 1000 has a command injection vulnerability and an authentication bypass vulnerability. Attackers can use these vulnerabilities to execute arbitrary commands, or bypass security restrictions, perform unauthorized operations, gain full control of affected devices, or cause denial of service. Failed exploit attempts will likely result in denial-of-service conditions

Trust: 2.25

sources: CNVD: CNVD-2015-08305 // CNVD: CNVD-2015-08295 // CNNVD: CNNVD-201512-434 // BID: 77659 // IVD: ecaa8e37-57c5-48e7-8686-ce0be3141823 // IVD: 1e0c758c-b1a7-4c17-8db0-89b487aa6a47

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 1.6

sources: IVD: ecaa8e37-57c5-48e7-8686-ce0be3141823 // IVD: 1e0c758c-b1a7-4c17-8db0-89b487aa6a47 // CNVD: CNVD-2015-08305 // CNVD: CNVD-2015-08295

AFFECTED PRODUCTS

vendor:	cambium	model:	networks epmp	scope:	eq	version:	1000	Trust: 1.6
vendor:	cambium	model:	networks epmp	scope:	eq	version:	10000	Trust: 0.3
vendor:	cambium	model:	networks epmp	scope:	ne	version:	10002.5	Trust: 0.3

sources: IVD: ecaa8e37-57c5-48e7-8686-ce0be3141823 // IVD: 1e0c758c-b1a7-4c17-8db0-89b487aa6a47 // CNVD: CNVD-2015-08305 // CNVD: CNVD-2015-08295 // BID: 77659

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2015-08305
value:	HIGH
Trust: 0.6
CNVD:	CNVD-2015-08295
value:	MEDIUM
Trust: 0.6
IVD:	ecaa8e37-57c5-48e7-8686-ce0be3141823
value:	MEDIUM
Trust: 0.2
IVD:	1e0c758c-b1a7-4c17-8db0-89b487aa6a47
value:	HIGH
Trust: 0.2

CNVD:	CNVD-2015-08305
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
CNVD:	CNVD-2015-08295
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	ecaa8e37-57c5-48e7-8686-ce0be3141823
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
IVD:	1e0c758c-b1a7-4c17-8db0-89b487aa6a47
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2

sources: IVD: ecaa8e37-57c5-48e7-8686-ce0be3141823 // IVD: 1e0c758c-b1a7-4c17-8db0-89b487aa6a47 // CNVD: CNVD-2015-08305 // CNVD: CNVD-2015-08295

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201512-434

TYPE

Input Validation Error

Trust: 0.3

sources: BID: 77659

PATCH

title:	Cambium Networks ePMP 1000 Command Injection Vulnerability Patch	url:	https://www.cnvd.org.cn/patchinfo/show/68504	Trust: 0.6
title:	Cambium Networks ePMP 1000 authentication bypass vulnerability patch	url:	https://www.cnvd.org.cn/patchinfo/show/68505	Trust: 0.6

sources: CNVD: CNVD-2015-08305 // CNVD: CNVD-2015-08295

EXTERNAL IDS

db:	BID	id:	77659	Trust: 2.1
db:	CNVD	id:	CNVD-2015-08295	Trust: 0.8
db:	CNVD	id:	CNVD-2015-08305	Trust: 0.8
db:	CNNVD	id:	CNNVD-201512-434	Trust: 0.6
db:	IVD	id:	ECAA8E37-57C5-48E7-8686-CE0BE3141823	Trust: 0.2
db:	IVD	id:	1E0C758C-B1A7-4C17-8DB0-89B487AA6A47	Trust: 0.2

sources: IVD: ecaa8e37-57c5-48e7-8686-ce0be3141823 // IVD: 1e0c758c-b1a7-4c17-8db0-89b487aa6a47 // CNVD: CNVD-2015-08305 // CNVD: CNVD-2015-08295 // BID: 77659 // CNNVD: CNNVD-201512-434

REFERENCES

url:	http://www.securityfocus.com/bid/77659	Trust: 1.8
url:	http://seclists.org/fulldisclosure/2015/nov/85	Trust: 0.3
url:	http://www.cambiumnetworks.com/products/access/epmp-1000/	Trust: 0.3

sources: CNVD: CNVD-2015-08305 // CNVD: CNVD-2015-08295 // BID: 77659 // CNNVD: CNNVD-201512-434

CREDITS

Karn Ganeshen

Trust: 0.9

sources: BID: 77659 // CNNVD: CNNVD-201512-434

SOURCES

db:	IVD	id:	ecaa8e37-57c5-48e7-8686-ce0be3141823
db:	IVD	id:	1e0c758c-b1a7-4c17-8db0-89b487aa6a47
db:	CNVD	id:	CNVD-2015-08305
db:	CNVD	id:	CNVD-2015-08295
db:	BID	id:	77659
db:	CNNVD	id:	CNNVD-201512-434

LAST UPDATE DATE

2022-05-17T01:46:30.978000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2015-08305	date:	2015-12-18T00:00:00
db:	CNVD	id:	CNVD-2015-08295	date:	2015-12-17T00:00:00
db:	BID	id:	77659	date:	2015-11-18T00:00:00
db:	CNNVD	id:	CNNVD-201512-434	date:	2015-12-15T00:00:00

SOURCES RELEASE DATE

db:	IVD	id:	ecaa8e37-57c5-48e7-8686-ce0be3141823	date:	2015-12-17T00:00:00
db:	IVD	id:	1e0c758c-b1a7-4c17-8db0-89b487aa6a47	date:	2015-12-18T00:00:00
db:	CNVD	id:	CNVD-2015-08305	date:	2015-12-18T00:00:00
db:	CNVD	id:	CNVD-2015-08295	date:	2015-12-17T00:00:00
db:	BID	id:	77659	date:	2015-11-18T00:00:00
db:	CNNVD	id:	CNNVD-201512-434	date:	2015-11-18T00:00:00