VYPR
Medium severity5.4NVD Advisory· Published Dec 20, 2017· Updated Jun 17, 2026

CVE-2017-5256

CVE-2017-5256

Description

In version 3.5 and prior of Cambium Networks ePMP firmware, all authenticated users have the ability to update the Device Name and System Description fields in the web administration console, and those fields are vulnerable to persistent cross-site scripting (XSS) injection.

Affected products

4

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.