Cambium Networks Services Server (CNSS) - Access Control Flaws
This 0-day report was submitted to Cambium via Beyond Trust's SSD program and resolved back in November 2017. Forgot to push this out. Publishing the report now.
Cambium Networks Services Server (CNSS) - Official Cambium software tool to manage Cambium ePMP devices
The Cambium Networks Services (CNS) Server is a network management application provided by Cambium Networks to manage ePMP devices.
Centrally manage the distribution of software upgrades to your ePMP network via a standard web browser
Vulnerable versions – 18.104.22.168.3211 - (current at the time of reporting)
Fixed - a patch was released for 22.214.171.124.3211 which fixes these issues
- It is possible for an un-authenticated user to access sensitive configuration files from the server.
- It is possible for a low-privileged user to access restricted, sensitive information.
Read on for details.