Back in April 2017, I posted SNMP vulnerabilities in Cambium ePMP devices.
ICS-CERT has now published the advisory for Cambium ePMP SNMP vulnerabilities:
Vendor: Cambium Networks
Vulnerabilities: Improper Access Control, Improper Privilege Management
Cambium ePMP product security, putting it mildly, needs considerable improvement. I will be publishing another set of fresh reports on Cambium devices soon. In case you are using ePMP boxes, or other Cambium appliances, please ensure:
1. your devices are not accessible publicly
2. default account passwords & SNMP community strings are changed to strong values
3. SNMP is filtered at the firewall.
Read on for details.
Metasploit Exploit Module published - Satel Iberia SenNet Data Logger and Electricity Meters Command Injection
This module exploits an OS Command Injection vulnerability in Satel Iberia SenNet Data Loggers & Electricity Meters to perform arbitrary command execution as 'root'.
Read on for demo.