Vulnerabilities > Cambiumnetworks > Epmp 1000 > Low
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-12-20 | CVE-2017-5256 | Cross-site Scripting vulnerability in Cambiumnetworks Epmp 1000 Firmware and Epmp 2000 Firmware In version 3.5 and prior of Cambium Networks ePMP firmware, all authenticated users have the ability to update the Device Name and System Description fields in the web administration console, and those fields are vulnerable to persistent cross-site scripting (XSS) injection. | 3.5 |
2017-12-20 | CVE-2017-5257 | Cross-site Scripting vulnerability in Cambiumnetworks Epmp 1000 Firmware and Epmp 2000 Firmware In version 3.5 and prior of Cambium Networks ePMP firmware, an attacker who knows (or guesses) the SNMP read/write (RW) community string can insert XSS strings in certain SNMP OIDs which will execute in the context of the currently-logged on user. | 3.5 |
2017-12-20 | CVE-2017-5258 | Cross-site Scripting vulnerability in Cambiumnetworks Epmp 1000 Firmware and Epmp 2000 Firmware In version 3.5 and prior of Cambium Networks ePMP firmware, an attacker who knows or can guess the RW community string can provide a URL for a configuration file over SNMP with XSS strings in certain SNMP OIDs, serve it via HTTP, and the affected device will perform a configuration restore using the attacker's supplied config file, including the inserted XSS strings. | 3.5 |