05 Jan 2018

Cambium Network Updater Tool (CNUT) – Unauthenticated File Path Traversal

Cambium Network Updater Tool (CNUT) - File Path Traversal

This 0-day report was submitted to Cambium via Beyond Trust's SSD program and resolved back in November 2017. Forgot to push this out. Publishing the report now.

Cambium Network Updater Tool (CNUT) - Official Cambium software tool to manage Cambium Devices

The Network Updater Tool is a free-of-charge tool that applies packages to upgrade the device types that the release notes for the release that you are using list as supported. Because this tool is available, an operator does not need to visit each module in the network or even each AP where they would otherwise use the SM Autoupdate capability of the radios.

Vulnerable versions – 4.11.2 - (current at the time of reporting)

Fixed - versions > 4.11.2

Vulnerability Summary
It is possible for an un-authenticated user to read arbitrary files off of the file system.

Read on for details.

Read more