7 matches found
Cambium EPMP 1000 Get_chart Command Injection
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Cambium ePMP 1000 'getchart' Command Injection v3.1-3.5-RC7", 'Description' = % This module exploits an OS Command Injection vulnerability in...
Cambium ePMP1000 - 'get_chart' Shell via Command Injection (Metasploit)
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Cambium ePMP1000 'getchart' Shell via Command Injection v3.1-3.5-RC7", 'Description' = % This module exploits an OS Command Injection vulnerabilit...
Cambium ePMP1000 3.1-3.5-RC7 Command Injection
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Cambium ePMP1000 'getchart' Shell via Command Injection v3.1-3.5-RC7", 'Description' = % This module exploits an OS Command Injection vulnerabilit...
Cambium ePMP1000 3.1-3.5-RC7 Command Injection Exploit
This Metasploit module exploits an OS Command Injection vulnerability in Cambium ePMP1000 device management portal. It requires any one of the following login credentials - admin/admin, installer/installer, home/home - to set up a reverse netcat shell. The module has been tested on versions...
Cambium ePMP 1000 'get_chart' Command Injection (v3.1-3.5-RC7)
This module exploits an OS Command Injection vulnerability in Cambium ePMP 1000 v3.1-3.5-RC7 device management portal. It requires any one of the following login credentials - admin/admin, installer/installer, home/home - to execute arbitrary system commands. This module requires Metasploit:...
CVE-2017-5255
In version 3.5 and prior of Cambium Networks ePMP firmware, a lack of input sanitation for certain parameters on the web management console allows any authenticated user including the otherwise low-privilege readonly user to inject shell meta-characters as part of a specially-crafted POST request...
CVE-2017-5255
This CVE affects Cambium Networks ePMP firmware up to v3.5. The web management console lacks input sanitation for certain parameters in the get_chart function, allowing an authenticated user (including a low-privilege readonly user) to inject shell metacharacters in a crafted POST and run OS-leve...