In ePMP systems, an attacker can get sensitive information if he/she is aware of the public SNMP community string.
After a valid user has used SNMP configuration export using private SNMP community string, an attacker is able to retrieve the backup file via SNMP using public community string.
It is recommended that users change default SNMP configuration. ePMP comes with the default “public” and “private” for RO (read only) and RW (read-write) community strings. Cambium recommends changing this to a random string consisting of eight or more characters in length, including both upper and lower case letters and numbers for variability.
It is also recommended to ensure that management(HTTP/HTTPs/SNMP) is not accessible from the Internet.
1. Disabled access to sensitive fields(eg WPA2 key) using public community string 2. Disabled access to backup file location using public community string 3. Backup file location now contains UUID token to avoid enumeration attack(e.g. 3.2.2_5e6d8d38-1ed5-11e7-93ae-92361f002671.json)
Those of you not having default SNMP community strings or ePMP's management interfaces publicly accessible are safe.
Chris, many of us don’t log into the gui at first go, batched and scriped and sent to the field. Much easier to do 20 radios at a time this way. Disabling ssh and snmp would slow down the bulk users of these radios.
I figured it was asking to much, with our company the installers have a config file and they program them. Upon completion of install they call in to get it signed off and we do the finishing touches.
I should have considered the other methods prior to posting.
I can see the appeal of being able to disable SNMP entirely if you don't utilize it - but have to agree that disabled out-of-the-box would seriously impair our preconfig process. If it's an option to disable it, then those who don't want it could include that disable in their default config.