CVE-2022-35908

Hi, just a heads up. Looks like CVE-2022-35908 has been listed with a score of 8.8.

Cambium Enterprise Wi-Fi System Software before 6.4.2 does not sanitize the ping host argument in device-agent.

From what I can tell, the XV Series APs got this in 6.4.2 and E series APs got this patch in 4.2.3, if I read the patch notes correctly, though Cambium can confirm.

I don’t see the CVE listed on Security Updates - English, so it probably needs to be updated.
No PoC code at this time.


@djdrastic, thanks for the note.

I am also confirming officially on behalf of Cambium that the issue has been fixed in the 6.4.2 release for Wi-Fi 6/6E (XV/XE) series APs, and the 4.2.3 release for the cnPilot series APs.
