QwikSec

Security Database

CVE

CWE

Training

CVE-2022-36306

Published: Aug 16, 2022

Modified: Aug 3, 2024

PUBLISHED

Description

An authenticated attacker can enumerate and download sensitive files, including the eNodeB's web management UI's TLS private key, the web server binary, and the web server configuration file. These vulnerabilities were found in AirVelocity 1500 running software version 9.3.0.01249, were still present in 15.18.00.2511, and may affect other AirVelocity and AirSpeed models.

Vendor	Product	Versions
Airspan	AirVelocity	affected `unspecified - <= 15.18.00.2511`

Weaknesses (CWE)

References

https://helpdesk.airspan.com/browse/TRN3-1691

x_refsource_CONFIRM

https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-9v93-3qpc-hxj9

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.