1073 matches found
Cambium Networks ePMP Elevation of Privilege Vulnerability
Cambium Networks ePMP is a suite of wireless network access platforms from Cambium Networks, USA. The platform provides video surveillance, Wi-Fi hotspot and sensor connectivity. An elevation of privilege vulnerability exists in Cambium Networks ePMP that stems from a failure to properly restrict...
CVE-2017-7918
An Improper Access Control issue was discovered in Cambium Networks ePMP. After a valid user has used SNMP configuration export, an attacker is able to remotely trigger device configuration backups using specific MIBs. These backups lack proper access control and may allow access to sensitive...
CVE-2017-7922
An Improper Privilege Management issue was discovered in Cambium Networks ePMP. The privileges for SNMP community strings are not properly restricted, which may allow an attacker to gain access to sensitive information and possibly allow for configuration changes...
Input validation
An Improper Privilege Management issue was discovered in Cambium Networks ePMP. The privileges for SNMP community strings are not properly restricted, which may allow an attacker to gain access to sensitive information and possibly allow for configuration changes...
CVE-2017-7922
CVE-2017-7922 concerns Cambium Networks ePMP devices. The issue is improper privilege management in SNMP: privileges for SNMP community strings are not properly restricted, potentially allowing an attacker to access sensitive information and possibly alter device configuration. Public dis...
Cambium Networks ePMP
CVSS v3 7.6. ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Cambium Networks. Equipment: ePMP. Vulnerabilities: Improper Access Control, Improper Privilege Management. AFFECTED PRODUCTS: Cambium reports that the vulnerabilities affect the following ePMP Network Access Control...
Jenkins CI Server Multiple Cross-Site Request Forgery (CVE-2017-1000356)
Multiple Cross-Site Request Forgery vulnerabilities exist in Jenkins CI. The vulnerabilities are due to a lack of CSRF protections on certain types of requests. A remote, unauthenticated attacker can exploit these vulnerabilities by enticing an authenticated user to click a maliciously crafted...
CVE-2017-8930
Multiple cross-site request forgery (CSRF) vulnerabilities in Simple Invoices 2013.1.beta.8 allow remote attackers to hijack the authentication of admins for requests that can (1) create new administrator user accounts and take over the entire application, (2) create regular user accounts, or (3) change...
Authentication flaw
A vulnerability in the web-based GUI of Cisco Mobility Express 1800 Series Access Points could allow an unauthenticated, remote attacker to bypass authentication. The attacker could be granted full administrator privileges. The vulnerability is due to improper implementation of authentication for...
CVE-2017-3831
A vulnerability in the web-based GUI of Cisco Mobility Express 1800 Series Access Points could allow an unauthenticated, remote attacker to bypass authentication. The attacker could be granted full administrator privileges. The vulnerability is due to improper implementation of authentication for...
Cross site request forgery (csrf)
An issue was discovered on Schneider Electric IONXXXX series power meters ION73XX series, ION75XX series, ION76XX series, ION8650 series, ION8800 series, and PM5XXX series. There is no CSRF Token generated to authenticate the user during a session. Successful exploitation of this vulnerability ca...
CVE-2016-5815
An issue was discovered on Schneider Electric IONXXXX series power meters ION73XX series, ION75XX series, ION76XX series, ION8650 series, ION8800 series, and PM5XXX series. No authentication is configured by default. An unauthorized user can access the device management portal and make...
Design/Logic Flaw
An issue was discovered on Schneider Electric IONXXXX series power meters ION73XX series, ION75XX series, ION76XX series, ION8650 series, ION8800 series, and PM5XXX series. No authentication is configured by default. An unauthorized user can access the device management portal and make...
Cross site request forgery (csrf)
An issue was discovered in Carlo Gavazzi VMU-C EM prior to firmware Version A11U05, and VMU-C PV prior to firmware Version A17. Successful exploitation of this CROSS-SITE REQUEST FORGERY (CSRF) vulnerability can allow execution of unauthorized actions on the device such as configuration parameter...
CVE-2017-5145
An issue was discovered in Carlo Gavazzi VMU-C EM prior to firmware Version A11U05, and VMU-C PV prior to firmware Version A17. Successful exploitation of this CROSS-SITE REQUEST FORGERY (CSRF) vulnerability can allow execution of unauthorized actions on the device such as configuration parameter...
CVE-2017-5165
An issue was discovered in BINOM3 Universal Multifunctional Electric Power Quality Meter. There is no CSRF Token generated per page and/or per sensitive function. Successful exploitation of this vulnerability can allow silent execution of unauthorized actions on the device such as configuration...
CVE-2016-5809
Schneider Electric IONXXXX Series Power Meters (ION73XX, ION75XX, ION76XX, ION8650, ION8800, PM5XXX) are affected by CVE-2016-5809 due to lack of a CSRF token during sessions. This enables unauthorized configuration changes to be made and saved. Public materials (e.g., Exploit-DB, Packet Storm, T...
BINOM3 Electric Power Quality Meter Unauthorized Operation Vulnerability
BINOM3 Electric Power Quality Meter is an electrical power quality monitor for SCADA systems from the Russian company BINOM3. An unauthorized operation vulnerability exists in BINOM3 Electric Power Quality Meter, which could be exploited by an attacker to perform unauthorized operations on the...