Cradlepoint recognizes the importance of security and privacy, and we take security issues very seriously. We are committed to communicating and working in a timely manner for any reported security vulnerability, whether from an employee, customer, partner, or other outside party.
Summary: The OpenSSL project released an advisory on October 15th, 2014, which describes the newly discovered vulnerability (CVE-2014-3566). Some Cradlepoint products utilize OpenSSL and are affected by this advisory. Mitigation: Involved upgrading to firmware version 5.2.4 or newer. For more information or instructions on these mitigation steps, consult the Cradlepoint Knowledgebase or contact Cradlepoint Support.
Summary: Cradlepoint was notified of critical security vulnerabilities discovered in the Dnsmasq network service (CVE-2017-14491, et al – see Google article below). Mitigation: In response Cradlepoint incorporated Dnsmasq version 2.78 into its latest NetCloud OS. For more information or instructions on these mitigation steps, consult the Cradlepoint Knowledgebase or contact Cradlepoint Support. Knowledge Article Google Security Blog […]
Summary: Two new vulnerabilities that affect many modern microprocessors were published on January 4th, 2018. Meltdown, only affects Intel CPUs and can be fixed with an operating system patch. Spectre, affects CPUs from AMD and ARM and requires a CPU design change and cannot be fixed in software. These vulnerabilities could allow attackers to read the […]