Cambium Network Updater Tool (CNUT) - File Path Traversal
This 0-day report was submitted to Cambium via Beyond Trust's SSD program and resolved back in November 2017. Forgot to push this out. Publishing the report now.
Cambium Network Updater Tool (CNUT) - Official Cambium software tool to manage Cambium Devices
The Network Updater Tool is a free-of-charge tool that applies packages to upgrade the device types listed as supported in the release notes for the release you are using. Because this tool is available, an operator does not need to visit each module in the network, or even each AP where they would otherwise use the SM Autoupdate capability of the radios.
Vulnerable versions – 4.11.2 (current at the time of reporting)
Fixed - versions > 4.11.2
An unauthenticated user can read arbitrary files from the file system.
Read on for details.