
CPSEC-15: Device population shares same SSL/TLS & SSH keys

October 19, 2018

Summary: Cradlepoint devices are provisioned with SSL/TLS certificates and SSH host keys that are shared across subsets of the Cradlepoint device population. Because of this sharing, an attacker who recovers the private key material from a device or firmware image can use it to carry out a man-in-the-middle attack against another Cradlepoint administrator.

Mitigation: Upgrade to firmware version 7.0.0 or newer. For more information or instructions on these mitigation steps, consult the Cradlepoint Knowledgebase or contact Cradlepoint Support.

Knowledge Article
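To check whether devices in your own fleet still present a shared SSH host key, the following added example (not Cradlepoint code) groups hosts by OpenSSH-style SHA256 key fingerprint. It assumes input in `known_hosts` / `ssh-keyscan` format; the function names, addresses and key blobs are constructed for illustration.

```python
import base64
import hashlib
from collections import defaultdict

def fingerprint(blob: bytes) -> str:
    """OpenSSH-style SHA256 fingerprint of a raw public key blob."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def parse_scan(text: str):
    """Yield (host, key_type, blob) from known_hosts / ssh-keyscan style lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0].startswith("#"):
            continue  # blank, comment or malformed line
        try:
            blob = base64.b64decode(parts[2], validate=True)
        except ValueError:
            continue  # third field is not a valid base64 key blob
        yield parts[0], parts[1], blob

def shared_host_keys(text: str) -> dict:
    """Map fingerprint -> sorted hosts, only for keys seen on more than one host."""
    hosts_by_fp = defaultdict(set)
    for host, _key_type, blob in parse_scan(text):
        hosts_by_fp[fingerprint(blob)].add(host)
    return {fp: sorted(h) for fp, h in hosts_by_fp.items() if len(h) > 1}

def _fake_blob(seed: bytes) -> str:
    # Constructed stand-in for a key blob (not a real key), base64 as in known_hosts.
    return base64.b64encode(b"\x00\x00\x00\x07ssh-rsa" + seed * 16).decode()

# Constructed inventory: three devices present the same host key, one is unique.
SAMPLE_SCAN = "\n".join([
    "# constructed sample, addresses from documentation ranges",
    f"192.0.2.10 ssh-rsa {_fake_blob(b'shared')}",
    f"192.0.2.11 ssh-rsa {_fake_blob(b'shared')}",
    f"198.51.100.7 ssh-rsa {_fake_blob(b'shared')}",
    f"203.0.113.5 ssh-rsa {_fake_blob(b'unique')}",
    "203.0.113.9 ssh-rsa not*base64",
])

if __name__ == "__main__":
    for fp, hosts in shared_host_keys(SAMPLE_SCAN).items():
        print(fp, "shared by", ", ".join(hosts))
```

Any fingerprint reported for more than one device after the firmware upgrade indicates a host key that is still shared and should be investigated.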