Odd. The post says we should be running 3.4-RC7 or later, but 3.4 Final was released a few days ago, and the release notes don't seem to mention this vulnerability.
I may be missing something, but the concern seems to be about the fact that the platform responds to SNMP get and set commands, and the default community strings are shockingly insecure. I'm not sure if there's much more to it than that.

From: Af [mailto:af-boun...@afmug.com] On Behalf Of Tyler Treat
Sent: Thursday, June 15, 2017 4:36 PM
To: af@afmug.com
Subject: [AFMUG] Cambium Vulnerability Published

This just hit my mailbox.

https://ics-cert.us-cert.gov/advisories/ICSA-17-166-01

Apologies if this has already been posted

TT

Cambium Networks ePMP | ICS-CERT
ics-cert.us-cert.gov

CVSS v3 7.6
ATTENTION: Remotely exploitable/low skill level to exploit.
Vendor: Cambium Networks
Equipment: ePMP
Vulnerabilities: Improper Access Control, Improper Privilege Management

AFFECTED PRODUCTS
Cambium reports that the vulnerabilities affect the following ePMP Network Access Control products: