diff --git a/pkg/wwan/mmagent/go.mod b/pkg/wwan/mmagent/go.mod
index 0802e28d6a..b98261655a 100644
--- a/pkg/wwan/mmagent/go.mod
+++ b/pkg/wwan/mmagent/go.mod
@@ -4,7 +4,7 @@ go 1.21
 
 require (
 	github.com/godbus/dbus/v5 v5.1.0
-	github.com/lf-edge/eve/pkg/pillar v0.0.0-20240417234153-53dbc10640ca
+	github.com/lf-edge/eve/pkg/pillar v0.0.0-20240707181159-e6f9597bf316
 	github.com/miekg/dns v1.1.55
 	github.com/sirupsen/logrus v1.9.3
 	github.com/tatsushid/go-fastping v0.0.0-20160109021039-d7bb493dee3e
diff --git a/pkg/wwan/mmagent/go.sum b/pkg/wwan/mmagent/go.sum
index 241f041c14..9cae0b9d39 100644
--- a/pkg/wwan/mmagent/go.sum
+++ b/pkg/wwan/mmagent/go.sum
@@ -48,8 +48,8 @@ github.com/lf-edge/eve-api/go v0.0.0-20240405192828-57b8263b8048 h1:Z0eG6ILyCUUa
 github.com/lf-edge/eve-api/go v0.0.0-20240405192828-57b8263b8048/go.mod h1:ot6MhAhBXapUDl/hXklaX4kY88T3uC4PTg0D2wD8DzA=
 github.com/lf-edge/eve/pkg/kube/cnirpc v0.0.0-20240315102754-0f6d1f182e0d h1:tUBb9M6u42LXwHAYHyh22wJeUUQlTpDkXwRXalpRqbo=
 github.com/lf-edge/eve/pkg/kube/cnirpc v0.0.0-20240315102754-0f6d1f182e0d/go.mod h1:Nn3juMJJ1G8dyHOebdZyS4jOB/fuxAd5fIajBaWjHr8=
-github.com/lf-edge/eve/pkg/pillar v0.0.0-20240417234153-53dbc10640ca h1:pNlM0qUxLNelkgb5JVIlcXPNy/2EWCVRev7OtkHMUh0=
-github.com/lf-edge/eve/pkg/pillar v0.0.0-20240417234153-53dbc10640ca/go.mod h1:N64mWKjr3OghMhpAI+2RFj4didjqHTrljhiNw/J3Sf4=
+github.com/lf-edge/eve/pkg/pillar v0.0.0-20240707181159-e6f9597bf316 h1:mVXJy1l/rPbyfYolWfkeZ9kr7pmJCkHcrfyzOnWXU94=
+github.com/lf-edge/eve/pkg/pillar v0.0.0-20240707181159-e6f9597bf316/go.mod h1:N64mWKjr3OghMhpAI+2RFj4didjqHTrljhiNw/J3Sf4=
 github.com/magiconair/properties v1.8.0/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ=
 github.com/miekg/dns v1.1.55 h1:GoQ4hpsj0nFLYe+bWiCToyrBEJXkQfOOIvFGFy0lEgo=
 github.com/miekg/dns v1.1.55/go.mod h1:uInx36IzPl7FYnDcMeVWxj9byh7DutNykX4G9Sj60FY=
diff --git a/pkg/wwan/mmagent/vendor/github.com/lf-edge/eve/pkg/pillar/types/dns.go b/pkg/wwan/mmagent/vendor/github.com/lf-edge/eve/pkg/pillar/types/dns.go
index b900dd0ddc..38cb6b2a87 100644
--- a/pkg/wwan/mmagent/vendor/github.com/lf-edge/eve/pkg/pillar/types/dns.go
+++ b/pkg/wwan/mmagent/vendor/github.com/lf-edge/eve/pkg/pillar/types/dns.go
@@ -29,12 +29,16 @@ type DeviceNetworkStatus struct {
 }
 
 type NetworkPortStatus struct {
-	IfName         string
-	Phylabel       string // Physical name set by controller/model
-	Logicallabel   string
-	Alias          string // From SystemAdapter's alias
-	IsMgmt         bool   // Used to talk to controller
-	IsL3Port       bool   // True if port is applicable to operate on the network layer
+	IfName       string
+	Phylabel     string // Physical name set by controller/model
+	Logicallabel string
+	Alias        string // From SystemAdapter's alias
+	IsMgmt       bool   // Used to talk to controller
+	IsL3Port     bool   // True if port is applicable to operate on the network layer
+	// InvalidConfig is used to flag port config which failed parsing or (static) validation
+	// checks, such as: malformed IP address, undefined required field, IP address not inside
+	// the subnet, etc.
+	InvalidConfig  bool
 	Cost           uint8
 	Dhcp           DhcpType
 	Type           NetworkType // IPv4 or IPv6 or Dual stack
@@ -210,7 +214,9 @@ func (status DeviceNetworkStatus) MostlyEqual(status2 DeviceNetworkStatus) bool
 			p1.Alias != p2.Alias ||
 			p1.IsMgmt != p2.IsMgmt ||
 			p1.IsL3Port != p2.IsL3Port ||
-			p1.Cost != p2.Cost {
+			p1.InvalidConfig != p2.InvalidConfig ||
+			p1.Cost != p2.Cost ||
+			p1.MTU != p2.MTU {
 			return false
 		}
 		if p1.Dhcp != p2.Dhcp ||
diff --git a/pkg/wwan/mmagent/vendor/github.com/lf-edge/eve/pkg/pillar/types/dpc.go b/pkg/wwan/mmagent/vendor/github.com/lf-edge/eve/pkg/pillar/types/dpc.go
index bd109f8d22..bad568e090 100644
--- a/pkg/wwan/mmagent/vendor/github.com/lf-edge/eve/pkg/pillar/types/dpc.go
+++ b/pkg/wwan/mmagent/vendor/github.com/lf-edge/eve/pkg/pillar/types/dpc.go
@@ -52,6 +52,9 @@ const (
 	// DPCStateAsyncWait : waiting for some config operations to finalize which are
 	// running asynchronously in the background.
 	DPCStateAsyncWait
+	// DPCStateWwanWait : waiting for the wwan microservice to apply the latest
+	// cellular configuration.
+	DPCStateWwanWait
 )
 
 // String returns the string name
@@ -75,6 +78,8 @@ func (status DPCState) String() string {
 		return "DPC_REMOTE_WAIT"
 	case DPCStateAsyncWait:
 		return "DPC_ASYNC_WAIT"
+	case DPCStateWwanWait:
+		return "DPC_WWAN_WAIT"
 	default:
 		return fmt.Sprintf("Unknown status %d", status)
 	}
@@ -355,10 +360,12 @@ func (config *DevicePortConfig) DoSanitize(log *base.LogObject,
 
 // CountMgmtPorts returns the number of management ports
 // Exclude any broken ones with Dhcp = DhcpTypeNone
-func (config *DevicePortConfig) CountMgmtPorts() int {
+// Optionally exclude mgmt ports with invalid config
+func (config *DevicePortConfig) CountMgmtPorts(onlyValidConfig bool) int {
 	count := 0
 	for _, port := range config.Ports {
-		if port.IsMgmt && port.Dhcp != DhcpTypeNone {
+		if port.IsMgmt && port.Dhcp != DhcpTypeNone &&
+			!(onlyValidConfig && port.InvalidConfig) {
 			count++
 		}
 	}
@@ -434,7 +441,7 @@ func (config DevicePortConfig) IsDPCUntested() bool {
 // IsDPCUsable - checks whether something is invalid; no management IP
 // addresses means it isn't usable hence we return false if none.
 func (config DevicePortConfig) IsDPCUsable() bool {
-	mgmtCount := config.CountMgmtPorts()
+	mgmtCount := config.CountMgmtPorts(true)
 	return mgmtCount > 0
 }
 
@@ -511,9 +518,13 @@ type NetworkPortConfig struct {
 	Alias        string // From SystemAdapter's alias
 	// NetworkUUID - UUID of the Network Object configured for the port.
 	NetworkUUID uuid.UUID
-	IsMgmt      bool  // Used to talk to controller
-	IsL3Port    bool  // True if port is applicable to operate on the network layer
-	Cost        uint8 // Zero is free
+	IsMgmt      bool // Used to talk to controller
+	IsL3Port    bool // True if port is applicable to operate on the network layer
+	// InvalidConfig is used to flag port config which failed parsing or (static) validation
+	// checks, such as: malformed IP address, undefined required field, IP address not inside
+	// the subnet, etc.
+	InvalidConfig bool
+	Cost          uint8 // Zero is free
 	DhcpConfig
 	ProxyConfig
 	L2LinkConfig
@@ -720,9 +731,14 @@ func (ap CellularAccessPoint) Equal(ap2 CellularAccessPoint) bool {
 		ap.APN != ap2.APN {
 		return false
 	}
+	enc1 := ap.EncryptedCredentials
+	enc2 := ap2.EncryptedCredentials
 	if ap.AuthProtocol != ap2.AuthProtocol ||
-		// TODO (how to properly detect changed username/password ?)
-		!reflect.DeepEqual(ap.EncryptedCredentials, ap2.EncryptedCredentials) {
+		enc1.CipherBlockID != enc2.CipherBlockID ||
+		enc1.CipherContextID != enc2.CipherContextID ||
+		!bytes.Equal(enc1.InitialValue, enc2.InitialValue) ||
+		!bytes.Equal(enc1.CipherData, enc2.CipherData) ||
+		!bytes.Equal(enc1.ClearTextHash, enc2.ClearTextHash) {
 		return false
 	}
 	if !generics.EqualLists(ap.PreferredPLMNs, ap2.PreferredPLMNs) ||
diff --git a/pkg/wwan/mmagent/vendor/modules.txt b/pkg/wwan/mmagent/vendor/modules.txt
index debd0a39eb..1774da0e5c 100644
--- a/pkg/wwan/mmagent/vendor/modules.txt
+++ b/pkg/wwan/mmagent/vendor/modules.txt
@@ -59,7 +59,7 @@ github.com/lf-edge/eve-api/go/profile
 # github.com/lf-edge/eve/pkg/kube/cnirpc v0.0.0-20240315102754-0f6d1f182e0d
 ## explicit; go 1.20
 github.com/lf-edge/eve/pkg/kube/cnirpc
-# github.com/lf-edge/eve/pkg/pillar v0.0.0-20240417234153-53dbc10640ca
+# github.com/lf-edge/eve/pkg/pillar v0.0.0-20240707181159-e6f9597bf316
 ## explicit; go 1.21
 github.com/lf-edge/eve/pkg/pillar/agentbase
 github.com/lf-edge/eve/pkg/pillar/agentlog