CVE-2017-5256
Summary
| CVE | CVE-2017-5256 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2017-12-20 22:29:00 UTC |
| Updated | 2019-10-09 23:28:00 UTC |
| Description | In version 3.5 and prior of Cambium Networks ePMP firmware, all authenticated users have the ability to update the Device Name and System Description fields in the web administration console, and those fields are vulnerable to persistent cross-site scripting (XSS) injection. |
Risk And Classification
Problem Types: CWE-79
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Hardware | Cambiumnetworks | Epmp 1000 | - | All | All | All |
| Operating System | Cambiumnetworks | Epmp 1000 Firmware | All | All | All | All |
| Hardware | Cambiumnetworks | Epmp 2000 | - | All | All | All |
| Operating System | Cambiumnetworks | Epmp 2000 Firmware | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| R7-2017-25: Cambium ePMP and cnPilot Multiple Vulnerabilities | MISC | blog.rapid7.com | Third Party Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.