CVE-2022-21141
📋 TL;DR
This critical vulnerability affects Cambium Networks wireless devices, allowing attackers to bypass authorization checks on API functions. Attackers can achieve remote code execution, create denial-of-service conditions, and access sensitive information. Organizations using affected Cambium MMP, PTP C-series, or PTMP C-series/A5x devices are at risk.
💻 Affected Systems
- Cambium Networks MMP
- Cambium Networks PTP C-series
- Cambium Networks PTMP C-series
- Cambium Networks PTMP A5x
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Complete device compromise allowing attackers to execute arbitrary code, disrupt network operations, steal sensitive configuration data, and pivot to other network segments.
Likely Case
Unauthorized access to device management functions leading to configuration changes, service disruption, and potential data exfiltration.
If Mitigated
Limited impact if devices are behind firewalls with strict access controls, but still vulnerable to internal threats.
🎯 Exploit Status
The vulnerability requires no authentication and affects multiple API endpoints, making exploitation straightforward for attackers with network access.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: MMP: v1.0.3; PTP C-series: v2.8.6.1; PTMP C-series and A5x: v2.5.4.1
Vendor Advisory: https://www.cisa.gov/uscert/ics/advisories/icsa-22-034-02
Restart Required: Yes
Instructions:
1. Download the appropriate firmware update from the Cambium Networks support portal.
2. Back up the device configuration.
3. Apply the firmware update through the device web interface or CLI.
4. Reboot the device.
5. Verify that the firmware version matches the patched version.
🔧 Temporary Workarounds
Network Segmentation
Isolate affected devices in separate network segments with strict firewall rules limiting access to management interfaces.
Access Control Lists
Implement network ACLs to restrict access to device management ports (typically HTTP/HTTPS) to authorized management stations only.
🧯 If You Can't Patch
- Immediately isolate affected devices from internet exposure and restrict internal network access
- Implement strict network monitoring for unusual API calls or configuration changes to affected devices
🔍 How to Verify
Check if Vulnerable:
Check the device firmware version via the web interface (System > Status) or the CLI using the 'show version' command, and compare it against the vulnerable versions.
Check Version:
show version (CLI), or check System > Status in the web interface
Verify Fix Applied:
Confirm firmware version matches patched versions: MMP ≥1.0.3, PTP C-series ≥2.8.6.1, PTMP C-series/A5x ≥2.5.4.1
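A small inventory checker for the version comparison above, added here as an example and not Cambium's or CISA's code. It assumes a product-family label and a firmware string per device (the sample inventory is constructed), and encodes only the patched versions stated in this advisory; the numeric compare pads shorter versions so that 2.8.10 correctly sorts above 2.8.6.1.

```python
import re

# Minimum fixed firmware per product family, taken from the advisory.
PATCHED = {
    "MMP": "1.0.3",
    "PTP C-series": "2.8.6.1",
    "PTMP C-series": "2.5.4.1",
    "PTMP A5x": "2.5.4.1",
}


def parse_version(text):
    """Turn 'v2.8.6.1' or '2.8.6' into a tuple of ints; a leading 'v' is
    tolerated and any trailing build suffix after the digits is ignored."""
    m = re.match(r"\s*v?(\d+(?:\.\d+)*)", text, re.IGNORECASE)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(p) for p in m.group(1).split("."))


def compare(a, b):
    """Numeric compare of two version tuples, zero-padding the shorter one
    (2.8.6 == 2.8.6.0). Returns -1, 0 or 1."""
    n = max(len(a), len(b))
    a, b = a + (0,) * (n - len(a)), b + (0,) * (n - len(b))
    return (a > b) - (a < b)


def is_patched(product, version):
    """True if the reported firmware is at or above the patched release."""
    if product not in PATCHED:
        raise KeyError(f"unknown product family: {product!r}")
    return compare(parse_version(version), parse_version(PATCHED[product])) >= 0


def triage(inventory):
    """Given (hostname, product, version) rows, list hosts still vulnerable."""
    return [host for host, product, version in inventory
            if not is_patched(product, version)]


if __name__ == "__main__":
    # Constructed sample inventory (hypothetical hostnames, not real devices).
    sample = [
        ("ptp-link-01", "PTP C-series", "v2.8.6.1"),   # patched
        ("ptp-link-02", "PTP C-series", "2.8.5"),      # vulnerable
        ("mmp-core", "MMP", "1.0.10"),                 # patched (10 > 3)
        ("a5x-sector-3", "PTMP A5x", "2.5.4"),         # vulnerable (2.5.4.0 < 2.5.4.1)
    ]
    for host in triage(sample):
        print(f"{host}: firmware below patched version, still vulnerable")
```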
📡 Detection & Monitoring
Log Indicators:
- Unauthorized API access attempts
- Unexpected configuration changes
- Multiple failed authentication attempts followed by successful API calls
Network Indicators:
- Unusual traffic to device management ports from unauthorized IPs
- API calls to vulnerable endpoints without authentication
SIEM Query:
source="cambium_device" AND (http_status=200 OR http_status=401) AND (uri_path="/api/*" OR uri_path="/cgi-bin/*") AND NOT src_ip IN [authorized_management_ips]