Описание
In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists a Hidden system command web page. After performing a reverse engineering of the firmware, it was discovered that a hidden page not listed in the administration management interface allows a user to execute Linux commands on the device with root privileges. An authenticated malicious threat actor can use this page to fully compromise the device.
Ссылки
- ExploitMitigationThird Party Advisory
- ProductThird Party Advisory
- ExploitMitigationThird Party Advisory
- ProductThird Party Advisory
Уязвимые конфигурации
Одновременно
EPSS
7.2 High
CVSS3
Дефекты
Связанные уязвимости
In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists a Hidden system command web page. After performing a reverse engineering of the firmware, it was discovered that a hidden page not listed in the administration management interface allows a user to execute Linux commands on the device with root privileges. An authenticated malicious threat actor can use this page to fully compromise the device.
EPSS
7.2 High
CVSS3