Vulnerabilities in Airspan
7 resultsCVE-2022-36309—Airspan AirVelocity 1500 software versions prior to 15.18.00.2511 have a root command injection vulnerability in the ActiveBank parameter ofEPSS 24.1%CVE-2022-36310—Airspan AirVelocity 1500 software prior to version 15.18.00.2511 had NET-SNMP-EXTEND-MIB enabled on its snmpd service, enabling an attacker EPSS 1.3%CVE-2022-36306—An authenticated attacker can enumerate and download sensitive files, including the eNodeB's web management UI's TLS private key, the web seEPSS 0.8%CVE-2022-36308—Airspan AirVelocity 1500 web management UI displays SNMP credentials in plaintext on software versions older than 15.18.00.2511, and stores EPSS 0.6%CVE-2022-36311—Airspan AirVelocity 1500 prior to software version 15.18.00.2511 is vulnerable to injection leading to XSS in the SNMP community field in thEPSS 0.4%CVE-2022-36312—Airspan AirVelocity 1500 software version 15.18.00.2511 lacks CSRF protections in the eNodeB's web management UI. This issue may affect otheEPSS 0.3%CVE-2022-36307—The AirVelocity 1500 prints SNMP credentials on its physically accessible serial port during boot. This was fixed in AirVelocity 1500 softwaEPSS 0.3%