{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-09T13:40:29.501","vulnerabilities":[{"cve":{"id":"CVE-2017-5255","sourceIdentifier":"cve@rapid7.com","published":"2017-12-20T22:29:00.353","lastModified":"2025-04-20T01:37:25.860","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"In version 3.5 and prior of Cambium Networks ePMP firmware, a lack of input sanitation for certain parameters on the web management console allows any authenticated user (including the otherwise low-privilege readonly user) to inject shell meta-characters as part of a specially-crafted POST request to the get_chart function and run OS-level commands, effectively as root."},{"lang":"es","value":"En versiones de firmware 3.5 y anteriores de Cambium Networks ePMP, la falta de saneamiento de valores de entrada para determinados parámetros en la consola de gestión web permite que cualquier usuario autenticado (incluyendo el usuario de privilegios bajos readonly) inyecte metacaracteres shell como parte de una petición POST especialmente manipulada en la función get_chart y ejecute comandos a nivel de sistema operativo de manera efectiva como root."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:C/I:C/A:C","baseScore":9.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":8.0,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"cve@rapid7.com","type":"Secondary","description":[{"lang":"en","value":"CWE-78"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-78"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:cambiumnetworks:epmp_1000_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"3.5","matchCriteriaId":"C34AD2DB-DB83-4A97-9754-4EED41AB7738"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:cambiumnetworks:epmp_1000:-:*:*:*:*:*:*:*","matchCriteriaId":"E1DBFE3B-C808-4CE0-A100-860EC50EFED0"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:cambiumnetworks:epmp_2000_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"3.5","matchCriteriaId":"EAB69F4D-5CE6-4ED9-A93C-F79FEB0EE6A4"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:cambiumnetworks:epmp_2000:-:*:*:*:*:*:*:*","matchCriteriaId":"4DD13A30-1185-4F9F-BE71-54520BC857BA"}]}]}],"references":[{"url":"https://blog.rapid7.com/2017/12/19/r7-2017-25-cambium-epmp-and-cnpilot-multiple-vulnerabilities/","source":"cve@rapid7.com","tags":["Third Party Advisory"]},{"url":"https://www.exploit-db.com/exploits/43413/","source":"cve@rapid7.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://blog.rapid7.com/2017/12/19/r7-2017-25-cambium-epmp-and-cnpilot-multiple-vulnerabilities/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://www.exploit-db.com/exploits/43413/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}}]}