Back in April 2017, I posted SNMP vulnerabilities in Cambium ePMP devices.
ICS-CERT has now published the advisory for Cambium ePMP SNMP vulnerabilities: https://ics-cert.us-cert.gov/advisories/ICSA-17-166-01
Vendor: Cambium Networks
Vulnerabilities: Improper Access Control, Improper Privilege Management
Cambium ePMP product security, putting it mildly, needs considerable improvement. I will be publishing another set of fresh reports on Cambium devices soon. In case you are using ePMP boxes, or other Cambium appliances, please ensure:
1. your devices are not accessible publicly
2. default account passwords & SNMP community strings are changed to strong values
3. SNMP is filtered at the firewall.
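The three checks above can be run against a device inventory. The following is an added example, not code from the original post or from Cambium. The inventory fields, device names, addresses, the 12-character minimum, and the `public`/`private` community list (conventional SNMP defaults, not values taken from the advisory) are all assumptions.

```python
import ipaddress

# RFC 1918 ranges; anything outside is treated as potentially Internet-reachable.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Conventional SNMP default communities (assumption, not from the advisory).
WEAK_COMMUNITIES = {"public", "private"}
MIN_COMMUNITY_LEN = 12  # assumed local policy

def is_internal(net):
    """True if the network lies entirely inside an RFC 1918 range."""
    return any(net.subnet_of(r) for r in RFC1918)

def audit(device):
    """Return a list of findings for one inventory record."""
    findings = []
    mgmt = ipaddress.ip_network(device["mgmt_ip"])  # bare address parses as /32
    if not is_internal(mgmt):
        findings.append("management address is outside private ranges")
    if not device["password_changed"]:
        findings.append("default account password still set")
    for role in ("ro_community", "rw_community"):
        value = device[role]
        if value.lower() in WEAK_COMMUNITIES or len(value) < MIN_COMMUNITY_LEN:
            findings.append(f"{role} is default or too short")
    # snmp_sources: CIDRs the firewall permits to reach UDP/161 on the device.
    sources = [ipaddress.ip_network(s) for s in device["snmp_sources"]]
    if not sources or not all(is_internal(s) for s in sources):
        findings.append("SNMP (UDP/161) is not restricted to internal sources")
    return findings

# Constructed inventory (hypothetical devices; 203.0.113.0/24 is a documentation range).
INVENTORY = [
    {"name": "epmp-tower-1", "mgmt_ip": "203.0.113.7", "password_changed": False,
     "ro_community": "public", "rw_community": "private",
     "snmp_sources": ["0.0.0.0/0"]},
    {"name": "epmp-tower-2", "mgmt_ip": "10.20.1.5", "password_changed": True,
     "ro_community": "r0-Lq8vXw2mTz9", "rw_community": "w7-Hc3nPd5yKb1",
     "snmp_sources": ["10.20.0.0/24"]},
]

def audit_all(inventory):
    return {d["name"]: audit(d) for d in inventory}

if __name__ == "__main__":
    for name, findings in audit_all(INVENTORY).items():
        print(name, "OK" if not findings else findings)
```

An empty `snmp_sources` list is treated as "no filter recorded" and is flagged, so a device with missing firewall data does not pass silently.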
Read on for details.