ePMP SMs accessible on Wireless IP when they shouldn't be

I’m reporting a major security concern for both Force 200 and Elevate SMs on versions 4.5.5 and higher. I have some SMs set up with Public IPs for customers and, for security purposes, we always enable “Separate Wireless Management Interface” and put a private IP in there. When this normally works, the public Wireless IP Address is not accessible by design, which is what we want. We don’t ever want the public IP to be visible to the outside world.

The problem is I did IP scans on our network and found 4 SMs that are accessible to the public, outside internet (not on our network) where you can ping and reach the login page. This is unacceptable and I’ve opened a ticket with Cambium to report the issue. Has anyone else seen this issue? We’ve configured the SMs properly according to the manual and tips on the config page. Below is what the tip says: once the separate wireless management option is enabled, the device cannot be managed from the Wireless IP. But we’re finding that to be untrue, which is a huge security risk.

Separate Wireless Management Interface:

The Separate Wireless Management Interface is used in [NAT] and [Router] modes. This allows for the device to be managed by a separate wireless management [IP] address which differs from the wireless [IP] address and hence allows the management path and the data path to be separated. Once the Separate Wireless Management Interface is enabled, the device cannot be managed by the “Wireless IP Address”.

Hi,

Thank you for reporting this.
Could you please send the support ticket number in DM to me please?

Thank you.

DM sent with ticket number.

If you place a public IP on the wireless interface then the radio should be accessible via the public IP regardless of the management IP being used. That is unless you have a separate customer data VLAN and a separate management VLAN, then you can use the firewall feature to block L3 access to the management interface from the public IP.

This is not true per Cambium’s language in the GUI and user manual. If “Separate Wireless Management Interface” is enabled, the radio should never be accessible at the “Wireless IP Address”.

They’ve acknowledged there’s a bug that is intermittently causing this but haven’t fixed it yet. A reboot temporarily fixes things but the issue creeps back up after time.

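Because the thread reports that the exposure returns some time after a reboot, a recurring check from a vantage point outside the network is the practical control until a fix ships. The following is an added example, not part of the thread and not Cambium code: it probes each SM's public Wireless IP for an open management port and compares the result with the previous run. The port list (80/443), radio names and addresses are assumptions and constructed sample values.

```python
import socket
from dataclasses import dataclass

MGMT_PORTS = (80, 443)  # assumption: web UI ports; adjust to your configuration

@dataclass(frozen=True)
class Radio:
    name: str
    wireless_ip: str  # public data-path address that must not serve management
    mgmt_ip: str      # Separate Wireless Management Interface address (not probed here)

def tcp_open(host, port, timeout=2.0):
    """True if a TCP handshake to host:port completes (run from outside your network)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def audit(radios, ports=MGMT_PORTS, probe=tcp_open):
    """Set of (radio name, wireless IP, port) that answer on a management port."""
    return {(r.name, r.wireless_ip, p)
            for r in radios for p in ports if probe(r.wireless_ip, p)}

def compare(previous, current):
    """Split findings into newly exposed, still exposed and cleared since the last run."""
    return {"new": sorted(current - previous),
            "persisting": sorted(current & previous),
            "cleared": sorted(previous - current)}

if __name__ == "__main__":
    # Constructed inventory using documentation addresses (RFC 5737 / RFC 1918).
    inventory = [Radio("sm-tower1-017", "203.0.113.17", "10.20.0.17"),
                 Radio("sm-tower1-042", "203.0.113.42", "10.20.0.42")]
    # Constructed probe so the demo runs offline; drop probe= to test real devices.
    exposed = {("203.0.113.42", 80)}
    fake = lambda host, port: (host, port) in exposed
    last_run = set()  # e.g. the result recorded right after a reboot
    report = compare(last_run, audit(inventory, probe=fake))
    for name, ip, port in report["new"]:
        print(f"EXPOSED {name}: management port {port} reachable on wireless IP {ip}")
```

This checks TCP reachability only; the ping response mentioned in the first post would need a separate ICMP check.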