Back to search
CVE-2022-36265
Published: Aug 8, 2022
Modified: Aug 3, 2024
PUBLISHED
Description
In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists a Hidden system command web page. After performing a reverse engineering of the firmware, it was discovered that a hidden page not listed in the administration management interface allows a user to execute Linux commands on the device with root privileges. An authenticated malicious threat actor can use this page to fully compromise the device.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
https://gist.github.com/Nwqda/e82b3155401b094372195fdaa9b54833
x_refsource_MISC
https://wdi.rfwel.com/cdn/techdocs/AirSpot5410.pdf
x_refsource_MISC
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now