CVE-2022-36309

EPSS 24.1%CWE-78

Airspan AirVelocity 1500 software versions prior to 15.18.00.2511 have a root command injection vulnerability in the ActiveBank parameter of the recoverySubmit.cgi script running on the eNodeB's web management UI. This issue may affect other AirVelocity and AirSpeed models.

Produtos afetados

Airspan · AirVelocity

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-p295-2jh6-g6g4 https://helpdesk.airspan.com/browse/TRN3-1690