QwikSec

Security Database

CVE

CWE

Training

CVE-2022-36309

Published: Aug 16, 2022

Modified: Aug 3, 2024

PUBLISHED

Description

Airspan AirVelocity 1500 software versions prior to 15.18.00.2511 have a root command injection vulnerability in the ActiveBank parameter of the recoverySubmit.cgi script running on the eNodeB's web management UI. This issue may affect other AirVelocity and AirSpeed models.

Vendor	Product	Versions
Airspan	AirVelocity	affected `unspecified - < 15.18.00.2511`

Weaknesses (CWE)

References

https://helpdesk.airspan.com/browse/TRN3-1690

x_refsource_CONFIRM

https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-p295-2jh6-g6g4

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.