What the vulnerability does

01Description

In version 3.5 and prior of Cambium Networks ePMP firmware, an attacker who knows (or guesses) the SNMP read/write (RW) community string can insert XSS strings in certain SNMP OIDs which will execute in the context of the currently-logged on user.

Key dates

02Disclosure timeline

December 20, 2017 CVE published
August 5, 2024 Record updated

Related vulnerabilities

04Related CVE