module
Cambium ePMP 1000 SNMP Enumeration
| Disclosed | Created |
|---|---|
| N/A | Jun 14, 2018 |
Disclosed
N/A
Created
Jun 14, 2018
Description
Cambium devices (ePMP, PMP, Force, & others) can be administered using
SNMP. The device configuration contains IP addresses, keys, and passwords,
amongst other information. This module uses SNMP to extract Cambium ePMP device
configuration. On certain software versions, specific device configuration
values can be accessed using SNMP RO string, even though only SNMP RW string
should be able to access them, according to MIB documentation. The module also
triggers full configuration backup, and retrieves the backup url. The
configuration file can then be downloaded without authentication. The module
has been tested on Cambium ePMP versions 3.5 & prior.
SNMP. The device configuration contains IP addresses, keys, and passwords,
amongst other information. This module uses SNMP to extract Cambium ePMP device
configuration. On certain software versions, specific device configuration
values can be accessed using SNMP RO string, even though only SNMP RW string
should be able to access them, according to MIB documentation. The module also
triggers full configuration backup, and retrieves the backup url. The
configuration file can then be downloaded without authentication. The module
has been tested on Cambium ePMP versions 3.5 & prior.
Author
Karn Ganeshen
References
Module Options
To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.