var-201712-0213
Vulnerability from variot
In version 3.5 and prior of Cambium Networks ePMP firmware, the non-administrative users 'installer' and 'home' have the capability of changing passwords for other accounts, including admin, after disabling a client-side protection mechanism. Cambium Networks ePMP Vulnerabilities related to authorization, permissions and access control exist in the firmware.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. CambiumNetworksePMP is a wireless network access platform of Cambium Networks Inc. The platform provides features such as video surveillance, Wi-Fi hotspots and sensor connectivity. A security vulnerability exists in CambiumNetworksePMP using firmware versions 3.5 and earlier. This vulnerability stems from the fact that the installer and home accounts can change the passwords of other accounts. An attacker could exploit the vulnerability to bypass password changes in other accounts by bypassing the client protection mechanism
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201712-0213",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "epmp 2000",
"scope": "lte",
"trust": 1.0,
"vendor": "cambiumnetworks",
"version": "3.5"
},
{
"model": "epmp 1000",
"scope": "lte",
"trust": 1.0,
"vendor": "cambiumnetworks",
"version": "3.5"
},
{
"model": "epmp 1000",
"scope": null,
"trust": 0.8,
"vendor": "cambium",
"version": null
},
{
"model": "epmp 2000",
"scope": null,
"trust": 0.8,
"vendor": "cambium",
"version": null
},
{
"model": "networks epmp",
"scope": "lte",
"trust": 0.6,
"vendor": "cambium",
"version": "\u003c=3.5"
},
{
"model": "epmp 1000",
"scope": "eq",
"trust": 0.6,
"vendor": "cambiumnetworks",
"version": "3.5"
},
{
"model": "epmp 2000",
"scope": "eq",
"trust": 0.6,
"vendor": "cambiumnetworks",
"version": "3.5"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-01046"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011727"
},
{
"db": "NVD",
"id": "CVE-2017-5254"
},
{
"db": "CNNVD",
"id": "CNNVD-201701-413"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:cambiumnetworks:epmp_1000_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "3.5",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:cambiumnetworks:epmp_1000:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:cambiumnetworks:epmp_2000_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "3.5",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:cambiumnetworks:epmp_2000:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-5254"
}
]
},
"cve": "CVE-2017-5254",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 9.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2017-5254",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "CNVD-2018-01046",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "VHN-113457",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2017-5254",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-5254",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2018-01046",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201701-413",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-113457",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-01046"
},
{
"db": "VULHUB",
"id": "VHN-113457"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011727"
},
{
"db": "NVD",
"id": "CVE-2017-5254"
},
{
"db": "CNNVD",
"id": "CNNVD-201701-413"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "In version 3.5 and prior of Cambium Networks ePMP firmware, the non-administrative users \u0027installer\u0027 and \u0027home\u0027 have the capability of changing passwords for other accounts, including admin, after disabling a client-side protection mechanism. Cambium Networks ePMP Vulnerabilities related to authorization, permissions and access control exist in the firmware.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. CambiumNetworksePMP is a wireless network access platform of Cambium Networks Inc. The platform provides features such as video surveillance, Wi-Fi hotspots and sensor connectivity. A security vulnerability exists in CambiumNetworksePMP using firmware versions 3.5 and earlier. This vulnerability stems from the fact that the installer and home accounts can change the passwords of other accounts. An attacker could exploit the vulnerability to bypass password changes in other accounts by bypassing the client protection mechanism",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-5254"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011727"
},
{
"db": "CNVD",
"id": "CNVD-2018-01046"
},
{
"db": "VULHUB",
"id": "VHN-113457"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-5254",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011727",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201701-413",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2018-01046",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-113457",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-01046"
},
{
"db": "VULHUB",
"id": "VHN-113457"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011727"
},
{
"db": "NVD",
"id": "CVE-2017-5254"
},
{
"db": "CNNVD",
"id": "CNNVD-201701-413"
}
]
},
"id": "VAR-201712-0213",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-01046"
},
{
"db": "VULHUB",
"id": "VHN-113457"
}
],
"trust": 1.6230769
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-01046"
}
]
},
"last_update_date": "2023-12-18T14:05:37.179000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "ePMP 1000",
"trust": 0.8,
"url": "https://www.cambiumnetworks.com/products/pmp-distribution/epmp-1000/"
},
{
"title": "ePMP 2000",
"trust": 0.8,
"url": "https://www.cambiumnetworks.com/products/pmp-distribution/epmp-2000/"
},
{
"title": "CambiumNetworksePMP client protection patch to bypass privilege escalation vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/113505"
},
{
"title": "Cambium Networks ePMP Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=99619"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-01046"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011727"
},
{
"db": "CNNVD",
"id": "CNNVD-201701-413"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-269",
"trust": 1.1
},
{
"problemtype": "CWE-264",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-113457"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011727"
},
{
"db": "NVD",
"id": "CVE-2017-5254"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "https://blog.rapid7.com/2017/12/19/r7-2017-25-cambium-epmp-and-cnpilot-multiple-vulnerabilities/"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-5254"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-5254"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-01046"
},
{
"db": "VULHUB",
"id": "VHN-113457"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011727"
},
{
"db": "NVD",
"id": "CVE-2017-5254"
},
{
"db": "CNNVD",
"id": "CNNVD-201701-413"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2018-01046"
},
{
"db": "VULHUB",
"id": "VHN-113457"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011727"
},
{
"db": "NVD",
"id": "CVE-2017-5254"
},
{
"db": "CNNVD",
"id": "CNNVD-201701-413"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-01-16T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-01046"
},
{
"date": "2017-12-20T00:00:00",
"db": "VULHUB",
"id": "VHN-113457"
},
{
"date": "2018-01-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-011727"
},
{
"date": "2017-12-20T22:29:00.307000",
"db": "NVD",
"id": "CVE-2017-5254"
},
{
"date": "2017-01-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201701-413"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-01-16T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-01046"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-113457"
},
{
"date": "2018-01-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-011727"
},
{
"date": "2019-10-09T23:28:15.870000",
"db": "NVD",
"id": "CVE-2017-5254"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201701-413"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201701-413"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cambium Networks ePMP Vulnerabilities related to authorization, authority, and access control in firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-011727"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control issues",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201701-413"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.