Monday, January 4, 2016

Cambium ePMP 1000 - Security Researcher Credits received


Cambium ePMP security point of contact (Alex Marcham) reached out today and informed release of new software version 2.6 that fixes all the vulnerabilities I reported.

Alex confirmed security researcher credits to me have been acknowledged & documented now:

Security Researcher Acknowledgments
Cambium Networks is pleased to recognize Karn Ganeshen who have helped make ePMP 1000 safer by finding and reporting security vulnerabilities and worked with us to remediate the issue.

I must mention Cambium's earlier point of contact (Dmitry Moiseev) had played down my reports and ceased all communication after collecting detailed report. That sucked. Later when I released exploitation details to Full Disclosure, Alex contacted me and worked on getting the issues fixed along with due credits.

It is good to know Cambium team has consultants like Alex, who do value & appreciate Responsible Disclosure done by security researchers.



No comments:

Post a Comment


The views, information & opinions expressed in this blog are my own and do not reflect the views of my current or former employers or employees or colleagues.