QwikSec

Security Database

CVE

CWE

Training

CVE-2017-5256

Published: Dec 20, 2017

Modified: Aug 5, 2024

PUBLISHED

Description

In version 3.5 and prior of Cambium Networks ePMP firmware, all authenticated users have the ability to update the Device Name and System Description fields in the web administration console, and those fields are vulnerable to persistent cross-site scripting (XSS) injection.

Vendor	Product	Versions
Cambium Networks	ePMP	affected `3.5 and prior`

Weaknesses (CWE)

References

https://blog.rapid7.com/2017/12/19/r7-2017-25-cambium-epmp-and-cnpilot-multiple-vulnerabilities/

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.