The following advisory describes three (3) vulnerabilities found in Cambium Network Updater Tool and Networks Services Server.
The Network Updater Tool is “a free-of-charge tool that applies packages to upgrade the device types that the release notes for the release that you are using list as supported. Because this tool is available, an operator does not need to visit each module in the network or even each AP where they would otherwise use the SM Autoupdate capability of the radios”
The Cambium Networks Services (CNS) Server is “a network management application provided by Cambium Networks to manage ePMP devices.”
The vulnerabilities found in Cambium products are:
- Cambium Network Updater Tool (CNUT) – Unauthenticated File Path Traversal
- Cambium Networks Services Server (CNSS) – Unauthenticated Access Control Bypass
- Cambium Networks Services Server (CNSS) – Capture credentials for Device Discovery
An independent security researcher, Karn Ganeshen, has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program
Cambium has released patches to address those vulnerabilities.
For more details: https://help.endian.com/hc/en-us/articles/115012996087 – Support Case 131840