Cambium SNMP Security Vulnerabilities
Late last year, in 2016, I decided to take a look at the SNMP implementation in Cambium ePMP appliances. After a few hours of checking out supported OIDs and corresponding device operations, the security issues stood out glaringly. The vendor, for the most part, attributed these (read: pass the ball) to SNMP v1/2c, which is inherently insecure; and IMO, still hasn't actually fixed the core issues. Why is this significant? Because, simply put, anyone can easily exploit these flaws to take over ePMP devices and gather sensitive information.
- Cambium ePMP 1000
- Cambium ePMP 2000
- Cambium PMP XXX
- Cambium ForceXXX models
- Potentially all other models
These vulnerabilities may allow an attacker to access device configuration as well as make unauthorized changes to the device configuration.
Read on for details & PoC.
SenNet Data Logger appliances and Electricity Meters Multiple Vulnerabilities
SenNet is a trademark of Satel Spain that offers monitoring and remote-control solutions for businesses. Our engineers develop, integrate and test the products of SenNet in our facilities in Madrid (Spain).
1. No access control on the remote shell
2. Shell services running with excessive privileges (superuser)
3. OS Command Injection
4. Insecure Transport
Read on for PoC.