Discover Cradlepoint near you

We have dedicated teams in regions the world over. We’re here to answer your questions and connect you with the perfect Wireless WAN solution for your unique business needs.

North America
Latin America

For a full list of where our solutions are available, please visit our Availability Page.

Security Bulletin - 2022-001: Activity Log Secrets Non-Public Information

2022-11-03 23:28:35

Cradlepoint became aware of the potential for information not intended to be included in activity logs or to have been written to the logs on Cradlepoint routers running NCOS (NETCLOUD OPERATING SYSTEM) 7.21.40. or newer operating systems prior to October 21, 2022.

The issue stems from a change to the Cradlepoint NCOS configuration released on April 5th, 2021. This applied only if an Individual Configuration Change was made involving secrets, i.e., passwords, the secret would be recorded in the Activity Log in clear text. The secrets recorded in the Activity Logs would be items such as the passwords for configuration items like Wi-Fi or VPN tunnel passwords. NCM and NCOS passwords were not exposed in the Activity Logs. If you made Group Configuration Changes, your Cradlepoint routers are not affected by this issue. Any authenticated user of NetCloud Manager would have already been able to see these in the configuration within NetCloud Manager, however, it may not be expected for this information to be readable in the Activity Log.

In an abundance of caution and in an effort to enhance security Cradlepoint issued and applied a fix as of October 21, 2022. All secrets data in the individual configuration Activity Log have been masked to remove the ability to view the data in the Activity Logs for all Cradlepoint systems. As always, we encourage our customers to update and maintain current operating systems and change all default passwords to maintain good security hygiene.