In response to the critical security vulnerabilities discovered in the dnsmasq network service (CVE-2017-14491 and others), Cradlepoint has taken steps to incorporate dnsmasq version 2.78 into its latest NetCloud OS.
In the default configuration, the vulnerability cannot be exploited from the WAN unless the WAN settings have been changed. However, an attacker on the LAN or Guest LAN who exploits this vulnerability could remotely execute code, forward the contents of process memory, or disrupt service on an affected router. More details of the security flaw can be found by following this link.
Affected products include the full Cradlepoint gateway and router range, so Cradlepoint recommends that customers upgrade all hardware to NetCloud OS 6.4.2, which will be available from October 30, 2017. NetCloud Manager has been patched for all its own affected services. Usernames and passwords are not at risk.
Some customers may have already received a notice directly from Cradlepoint, so apologies if this email repeats that content, but Westbase.io wanted to ensure that all customers were notified.
As noted, Cradlepoint’s recommended action is to upgrade to NetCloud OS 6.4.2 as soon as it is available.
In the interim, before the latest OS is released, the company also recommends that customers temporarily disable guest access on routers via:
NETWORKING > Local Networks > Local IP Networks.
Once the firmware has been upgraded, guest access can be re-enabled.
If you have any further questions or concerns, please do not hesitate to reach out to our support team by emailing firstname.lastname@example.org.