19 Dec 2017

Cambium ePMP and cnPilot Multiple Vulnerabilities

Back in Sep 2017, I reported multiple 0-day vulnerabilities, in the Cambium ePMP and cnPilot product lines, to Rapid7 for a coordinated disclosure. The disclosure went smooth and easier than I had expected. Thanks Tod, Jon, & team.!

Rapid7 report is now available here:

All versions prior to ePMP v3.5.1 and cnPilot v4.4, are affected. This disclosure brings to you 10 CVEs4 new cnPilot modules, 4 new ePMP modules, 5 updated ePMP modules, and 2 new mixins for Cambium ePMP and cnPilot, for future modules.

All 13 Metasploit modules are ready to play with now.

Read on for details..

Read more