CVE-2022-36309

Опубликовано: 16 авг. 2022

Источник: nvd

CVSS3: 8.8

EPSS Средний

Описание

Airspan AirVelocity 1500 software versions prior to 15.18.00.2511 have a root command injection vulnerability in the ActiveBank parameter of the recoverySubmit.cgi script running on the eNodeB's web management UI. This issue may affect other AirVelocity and AirSpeed models.

Ссылки

https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-p295-2jh6-g6g4
Exploit
Third Party Advisory
https://helpdesk.airspan.com/browse/TRN3-1690
Permissions Required
Vendor Advisory
https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-p295-2jh6-g6g4
Exploit
Third Party Advisory
https://helpdesk.airspan.com/browse/TRN3-1690
Permissions Required
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:airspan:airvelocity_1500_firmware:*:*:*:*:*:*:*:*

Версия от 9.3.0.01249 (включая) до 15.18.00.2511 (включая)

cpe:2.3:h:airspan:airvelocity_1500:-:*:*:*:*:*:*:*

EPSS

Процентиль: 95%

0.17729

Средний

8.8 High

CVSS3

Дефекты

CWE-78