Firmware upgrade path to ePMP version 5.10.2

Fedor · July 29, 2025, 5:17pm

IMPORTAN NOTICE
The updated cybersecurity requirements of the European Union Radio Equipment Directive (RED 2014/53/EU) will become mandatory on August 1, 2025. To comply with these changes, firmware version 5.10.2 and later no longer include the default WPA2 key in the configuration. The SMs still have the WPA2 key preconfigured. It was removed from the configuration on devices operating in AP mode. If the default key was previously in use, SMs may fail to reconnect to the AP after the upgrade.

IMPORTAN NOTICE
A critical issue has been identified on F4625 FCC platforms running firmware version 5.10.2.
The USB GPS receiver may fail to correctly process GPS signals, causing the device to operate in Standard Client mode instead of Fixed Client mode. This can result in a loss of up to 6 dB in uplink RSSI.
We are treating this as a top priority and are actively working on a bug-fix release, which will be available shortly.

Firmware Upgrade Path to ePMP Version 5.10.2

If RADIUS-based SM authentication is used in the network, the upgrade to version 5.10.2 can be completed without any additional pre- or post-upgrade steps.
If a custom (non-default) WPA2 key is used for SM authentication, the upgrade can proceed without requiring any additional pre- or post-upgrade actions.
If the default WPA2 key is used for SM authentication, additional steps are required either before or after the upgrade:
3.1. Deploy a new, non-default WPA2 key across the network before the upgrade.
3.2. Alternatively, apply a WPA2 key template to all APs after upgrading to version 5.10.2.

cnMaestro Template 1
Applies WPA2 Key to APs and SMs if Preferred AP Table is not enabled.

{
    "template_props": {
        "templateName": "",
        "templateDescription": "",
        "device_type": "",
        "version": "5.10.1"
    },
    "device_props": {
		"wirelessInterfaceEncryptionKey":	"Cam39-Tai!wdmv"
    }
}

cnMaestro Template 2
Applies WPA2 Key to APs and SMs if Preferred AP Table is enabled.

{
    "template_props": {
        "templateName": "",
        "templateDescription": "",
        "device_type": "",
        "version": "5.10.1"
    },
    "device_props": {
        "prefferedAPTable": [
            {
                "prefferedListTableEntrySSID": "Cambium-AP",
                "prefferedListTableEntryKEY": "Cam39-Tai!wdmv",
                "prefferedListTableSecurityMethod": "4",
                "prefferedListTableEntryBSSID": ""
            },
            {
                "prefferedListTableEntrySSID": "AP1-Open",
                "prefferedListTableEntryKEY": "",
                "prefferedListTableSecurityMethod": "6",
                "prefferedListTableEntryBSSID": ""
            },
            {
                "prefferedListTableEntrySSID": "AP2-WPA2",
                "prefferedListTableEntryKEY": "Cam39-Tai!wdmv",
                "prefferedListTableSecurityMethod": "5",
                "prefferedListTableEntryBSSID": ""
            },
            {
                "prefferedListTableEntrySSID": "AP3-EAPTTLS",
                "prefferedListTableEntryKEY": "",
                "prefferedListTableSecurityMethod": "3",
                "prefferedListTableEntryBSSID": ""
            },
            {
                "prefferedListTableEntrySSID": "AP4-EAPTTLS-Open",
                "prefferedListTableEntryKEY": "",
                "prefferedListTableSecurityMethod": "2",
                "prefferedListTableEntryBSSID": ""
            },
            {
                "prefferedListTableEntrySSID": "AP5-EAPTTLS-WPA2",
                "prefferedListTableEntryKEY": "Cam39-Tai!wdmv",
                "prefferedListTableSecurityMethod": "1",
                "prefferedListTableEntryBSSID": ""
            },
            {
                "prefferedListTableEntrySSID": "AP6-WPA2-Open",
                "prefferedListTableEntryKEY": "Cam39-Tai!wdmv",
                "prefferedListTableSecurityMethod": "4",
                "prefferedListTableEntryBSSID": ""
            },
            {
                "prefferedListTableEntrySSID": "AP7-EAPTTLS-WPA2-Open",
                "prefferedListTableEntryKEY": "Cam39-Tai!wdmv",
                "prefferedListTableSecurityMethod": "0",
                "prefferedListTableEntryBSSID": ""
            },
            {
                "prefferedListTableEntrySSID": "AP8-BSSID-EAPTTLS-WPA2-Open",
                "prefferedListTableEntryKEY": "Cam39-Tai!wdmv",
                "prefferedListTableSecurityMethod": "0",
                "prefferedListTableEntryBSSID": "BC:E6:7C:11:22:33"
            }
        ]
    }
}

crescomm · August 1, 2025, 6:47pm

I would suggest you show wpa3 as default, and also show wpa2 as an option. We never use your default security strings, we our own. Comments?

Eric_Ozrelic · August 1, 2025, 7:01pm

I’m not sure what you’re asking? if you’re already using your own key then nothing needs to be done.

Mathew_Howard · August 6, 2025, 5:35pm

Does this mean that if an SM running 5.10.2 gets reset to default configuration, there won’t be any way to get it to reconnect to an AP without changing the security settings on the SM?

In the past, I’ve been able to change the AP to the default WPA2 key temporarily to allow a defaulted SM (the power sequence sometimes gets triggered when we have power outages, or the customer somehow manages to trigger it fiddling with cables), which can save us a truck roll. I suppose that’s mostly fixed by just disabling reset via power sequence, but it was a nice option to have.

Fedor · August 6, 2025, 9:41pm

The SMs still have the WPA2 key preconfigured. It was removed from the configuration on devices operating in AP mode.

Thank you.