Cambium Networks Security Advisory
CVE-2017-7918 CVSSv3 Score: 6.8
CVE-2017-7922 CVSSv3 Score: 7.6
In ePMP systems, an attacker can get sensitive information if he/she is aware of the public SNMP community string.
After a valid user has exported the configuration over SNMP using the private SNMP community string, an attacker is able to retrieve the backup file via SNMP using the public community string.
All ePMP products
Fixed in Software
3.4-RC7 (and therefore included in official release 3.4)
It is recommended that users change the default SNMP configuration. ePMP comes with the default community strings “public” for RO (read-only) and “private” for RW (read-write). Cambium recommends changing these to random strings of eight or more characters in length, including both upper and lower case letters and numbers for variability.
It is also recommended to ensure that management (HTTP/HTTPS/SNMP) is not accessible from the Internet.
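One way to apply the community-string guidance above before values are pushed to devices, shown as an added example that is not Cambium's code: it rejects the factory defaults, enforces the length and character-class rules, and generates compliant strings from a cryptographic random source. The function names and the 16-character default length are assumptions of this example.

```python
import secrets
import string

# Factory defaults named in the advisory; neither may remain configured.
DEFAULT_COMMUNITIES = {"public", "private"}
MIN_LENGTH = 8  # advisory minimum; the generator below defaults to longer
ALPHABET = string.ascii_letters + string.digits


def policy_violations(community):
    """Return the reasons a community string fails the advisory's guidance."""
    problems = []
    if community.lower() in DEFAULT_COMMUNITIES:
        problems.append("factory default community string")
    if len(community) < MIN_LENGTH:
        problems.append("shorter than %d characters" % MIN_LENGTH)
    if not any(c in string.ascii_uppercase for c in community):
        problems.append("no upper case letter")
    if not any(c in string.ascii_lowercase for c in community):
        problems.append("no lower case letter")
    if not any(c in string.digits for c in community):
        problems.append("no number")
    return problems


def generate_community(length=16):
    """Generate a random community string that satisfies the policy."""
    if length < MIN_LENGTH:
        raise ValueError("length must be at least %d" % MIN_LENGTH)
    while True:
        # secrets draws from the OS CSPRNG, unlike the random module.
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not policy_violations(candidate):
            return candidate


if __name__ == "__main__":
    # Constructed sample values, not taken from any real device.
    for value in ("public", "private", "Backup2017", "Xk4pQ9mZ2rTb"):
        print(value, "->", policy_violations(value) or "ok")
    print("RO:", generate_community())
    print("RW:", generate_community())
```

Generate separate values for the RO and RW strings rather than reusing one.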
Exploitation and Public Announcements
Researcher Karn Ganeshen identified these vulnerabilities.