CVE-2022-36267
- EPSS 74.74%
- Published 08.08.2022 15:15:09
- Last modified 21.11.2024 07:12:41
In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists a Unauthenticated remote command injection vulnerability. The ping functionality can be called without user authentication when crafting a malicious http request by injecting code in on...
CVE-2022-36264
- EPSS 1.38%
- Published 08.08.2022 15:15:08
- Last modified 21.11.2024 07:12:41
In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists an Unauthenticated remote Arbitrary File Upload vulnerability which allows overwriting arbitrary files. A malicious actor can remotely upload a file of their choice and overwrite any fi...
CVE-2022-36265
- EPSS 0.51%
- Published 08.08.2022 15:15:08
- Last modified 21.11.2024 07:12:41
In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists a Hidden system command web page. After performing a reverse engineering of the firmware, it was discovered that a hidden page not listed in the administration management interface allo...
CVE-2022-36266
- EPSS 0.31%
- Published 08.08.2022 15:15:08
- Last modified 21.11.2024 07:12:41
In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists a stored XSS vulnerability. As the binary file /home/www/cgi-bin/login.cgi does not check if the user is authenticated, a malicious actor can craft a specific request on the login.cgi e...