In version 3.5 and prior of Cambium Networks ePMP firmware, an attacker who knows (or guesses) the SNMP read/write (RW) community string can insert XSS strings in certain SNMP OIDs which will execute in the context of the currently-logged on user.
CPE | Name | Operator | Version |
---|---|---|---|
epmp_1000_firmware | le | 3.5 | |
epmp_2000_firmware | le | 3.5 |