Vulnerabilities > Cambiumnetworks > Epmp 1000 Firmware > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-12-20 | CVE-2017-5254 | Improper Privilege Management vulnerability in Cambiumnetworks Epmp 1000 Firmware and Epmp 2000 Firmware In version 3.5 and prior of Cambium Networks ePMP firmware, the non-administrative users 'installer' and 'home' have the capability of changing passwords for other accounts, including admin, after disabling a client-side protection mechanism. | 9.0 |
2017-12-20 | CVE-2017-5255 | OS Command Injection vulnerability in Cambiumnetworks Epmp 1000 Firmware and Epmp 2000 Firmware In version 3.5 and prior of Cambium Networks ePMP firmware, a lack of input sanitation for certain parameters on the web management console allows any authenticated user (including the otherwise low-privilege readonly user) to inject shell meta-characters as part of a specially-crafted POST request to the get_chart function and run OS-level commands, effectively as root. | 9.0 |