NEW R2100 Series 5G Ruggedized Router — Built for the Roof of Vehicles and IoT Learn More

Discover Cradlepoint near you

We have dedicated teams in regions the world over. We’re here to answer your questions and connect you with the perfect Wireless WAN solution for your unique business needs.

Asia-Pacific
North America
Latin America
Africa
Europe

For a full list of where our solutions are available, please visit our Availability Page.


CVE-2021-37471: Denial of Console Availability Using Restricted Shell Escape Sequences

2021-11-09 00:00:57

SUMMARY:

An authenticated user on NetCloud OS (NCOS) versions before 7.21.80 can run restricted shell escape sequences that provide the authenticated user the capability to simultaneously deny availability to the device’s NetCloud Manager console, local console and SSH command-line. If your Cradlepoint device is configured for local administration and your NCOS credentials are default or have been compromised, a threat actor could use this vulnerability to perform a denial of service. However, the user is already authenticated as an NCOS admin and could make configuration changes that would result in the same denial of service.

 


 

Products Affected: Cradlepoint endpoints running NCOS versions earlier than 7.21.80

Recommendations: Upgrade to the latest NCOS version, change device default passwords, use strong passphrases, prevent unauthorized disclosure of credentials, disable local admin access on all NCOS LANs, and manage Cradlepoint endpoints from NetCloud Manager.

Related CVEs: CVE-2021-37471