cvedb.io
CVE-2017-5256
MEDIUM · CVSS 5.4
EPSS exploitation probability: 0%
Published 2017-12-20T22:29:00.400 · Last modified 2026-06-17T01:20:15.230

Summary

In version 3.5 and prior of Cambium Networks ePMP firmware, all authenticated users have the ability to update the Device Name and System Description fields in the web administration console, and those fields are vulnerable to persistent cross-site scripting (XSS) injection.

Affected products

cambiumnetworks — epmp_1000_firmware

Does this affect you?

Add your gear to cvedb and we'll alert you only when cambiumnetworks ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.