CPSEC-2: Enabling Tech Support Mode
2018-10-20 14:25:29
Summary: If an administrator or user enables “Tech Support Mode,” and this mode is not turned off through configuration or through a router reboot, a non-admin user can gain elevated privileges.
Mitigation: Involves disabling the “Tech Support Mode” and disable SSH as required. See Cradlepoint Support. NetCloud OS Patch available 10/1/2018 (6.6.4) for all affected products. For more information or instructions on these mitigation steps, consult the Cradlepoint Knowledgebase or contact Cradlepoint Support.