New Metasploit Modules for Cambium ePMP Landed

Cambium ePMP 1000 Login Scanner

This module scans for Cambium ePMP 1000 management login portal(s), and attempts to identify valid credentials. Default login credentials are – admin/admin, installer/installer, home/home and readonly/readonly.

Cambium ePMP 1000 Password Hash Extractor

This module exploits an OS Command Injection vulnerability in Cambium ePMP 1000 (<v2.5) device management portal. It requires any one of the following login credentials – admin/admin, installer/installer, home/home – to dump system hashes.


Cambium ePMP 1000 Dump Device Config

This module dumps Cambium ePMP 1000 device configuration file. An ePMP 1000 box has four (4) login accounts – admin/admin, installer/installer, home/home, and readonly/readonly. This module requires any one of the following login credentials – admin / installer / home – to dump device configuration file.



Leave a Reply

Your email address will not be published. Required fields are marked *