Vulnerabilites related to airspan - airspot_5410_firmware
Vulnerability from fkie_nvd
Published
2022-08-08 15:15
Modified
2024-11-21 07:12
Severity ?
Summary
In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists a stored XSS vulnerability. As the binary file /home/www/cgi-bin/login.cgi does not check if the user is authenticated, a malicious actor can craft a specific request on the login.cgi endpoint that contains a base32 encoded XSS payload that will be accepted and stored. A successful attack will results in the injection of malicious scripts into the user settings page.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://packetstormsecurity.com/files/168114/FLIX-AX8-1.46.16-Remote-Command-Execution.html | Broken Link | |
| cve@mitre.org | https://gist.github.com/Nwqda/e82b3155401b094372195fdaa9b54833 | Exploit, Mitigation, Third Party Advisory | |
| cve@mitre.org | https://wdi.rfwel.com/cdn/techdocs/AirSpot5410.pdf | Product, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/168114/FLIX-AX8-1.46.16-Remote-Command-Execution.html | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | https://gist.github.com/Nwqda/e82b3155401b094372195fdaa9b54833 | Exploit, Mitigation, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://wdi.rfwel.com/cdn/techdocs/AirSpot5410.pdf | Product, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| airspan | airspot_5410_firmware | * | |
| airspan | airspot_5410 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:airspan:airspot_5410_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "59C409B3-0CFA-48A0-BEF1-AB721401E8EE",
"versionEndIncluding": "0.3.4.1-4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:airspan:airspot_5410:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3AF8C2B0-0EB8-41B8-B2AB-1EFB0AFE71FB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists a stored XSS vulnerability. As the binary file /home/www/cgi-bin/login.cgi does not check if the user is authenticated, a malicious actor can craft a specific request on the login.cgi endpoint that contains a base32 encoded XSS payload that will be accepted and stored. A successful attack will results in the injection of malicious scripts into the user settings page."
},
{
"lang": "es",
"value": "En Airspan AirSpot 5410 versiones 0.3.4.1-4 y anteriores, se presenta una vulnerabilidad de tipo XSS almacenado. Como el archivo binario /home/www/cgi-bin/login.cgi no comprueba si el usuario est\u00e1 autenticado, un actor malicioso puede dise\u00f1ar una petici\u00f3n espec\u00edfica en el endpoint login.cgi que contenga una carga \u00fatil de tipo XSS codificada en base32 que ser\u00e1 aceptada y almacenada. Un ataque con \u00e9xito resultar\u00e1 en una inyecci\u00f3n de scripts maliciosos en la p\u00e1gina de configuraci\u00f3n del usuario"
}
],
"id": "CVE-2022-36266",
"lastModified": "2024-11-21T07:12:41.350",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-08-08T15:15:08.990",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://packetstormsecurity.com/files/168114/FLIX-AX8-1.46.16-Remote-Command-Execution.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mitigation",
"Third Party Advisory"
],
"url": "https://gist.github.com/Nwqda/e82b3155401b094372195fdaa9b54833"
},
{
"source": "cve@mitre.org",
"tags": [
"Product",
"Third Party Advisory"
],
"url": "https://wdi.rfwel.com/cdn/techdocs/AirSpot5410.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://packetstormsecurity.com/files/168114/FLIX-AX8-1.46.16-Remote-Command-Execution.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mitigation",
"Third Party Advisory"
],
"url": "https://gist.github.com/Nwqda/e82b3155401b094372195fdaa9b54833"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product",
"Third Party Advisory"
],
"url": "https://wdi.rfwel.com/cdn/techdocs/AirSpot5410.pdf"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-08-08 15:15
Modified
2024-11-21 07:12
Severity ?
Summary
In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists an Unauthenticated remote Arbitrary File Upload vulnerability which allows overwriting arbitrary files. A malicious actor can remotely upload a file of their choice and overwrite any file in the system by manipulating the filename and append a relative path that will be interpreted during the upload process. Using this method, it is possible to rewrite any file in the system or upload a new file.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://gist.github.com/Nwqda/e82b3155401b094372195fdaa9b54833 | Exploit, Mitigation, Third Party Advisory | |
| cve@mitre.org | https://wdi.rfwel.com/cdn/techdocs/AirSpot5410.pdf | Product, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://gist.github.com/Nwqda/e82b3155401b094372195fdaa9b54833 | Exploit, Mitigation, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://wdi.rfwel.com/cdn/techdocs/AirSpot5410.pdf | Product, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| airspan | airspot_5410_firmware | * | |
| airspan | airspot_5410 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:airspan:airspot_5410_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "59C409B3-0CFA-48A0-BEF1-AB721401E8EE",
"versionEndIncluding": "0.3.4.1-4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:airspan:airspot_5410:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3AF8C2B0-0EB8-41B8-B2AB-1EFB0AFE71FB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists an Unauthenticated remote Arbitrary File Upload vulnerability which allows overwriting arbitrary files. A malicious actor can remotely upload a file of their choice and overwrite any file in the system by manipulating the filename and append a relative path that will be interpreted during the upload process. Using this method, it is possible to rewrite any file in the system or upload a new file."
},
{
"lang": "es",
"value": "En Airspan AirSpot 5410 versiones 0.3.4.1-4 y anteriores, se presenta una vulnerabilidad de carga de archivos arbitraria remota no autenticada que permite sobrescribir archivos arbitrarios. Un actor malicioso puede subir remotamente un archivo de su elecci\u00f3n y sobrescribir cualquier archivo en el sistema al manipular el nombre del archivo y a\u00f1adiendo una ruta relativa que ser\u00e1 interpretada durante el proceso de subida. Usando este m\u00e9todo, es posible reescribir cualquier archivo en el sistema o subir un nuevo archivo"
}
],
"id": "CVE-2022-36264",
"lastModified": "2024-11-21T07:12:41.057",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-08-08T15:15:08.900",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mitigation",
"Third Party Advisory"
],
"url": "https://gist.github.com/Nwqda/e82b3155401b094372195fdaa9b54833"
},
{
"source": "cve@mitre.org",
"tags": [
"Product",
"Third Party Advisory"
],
"url": "https://wdi.rfwel.com/cdn/techdocs/AirSpot5410.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mitigation",
"Third Party Advisory"
],
"url": "https://gist.github.com/Nwqda/e82b3155401b094372195fdaa9b54833"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product",
"Third Party Advisory"
],
"url": "https://wdi.rfwel.com/cdn/techdocs/AirSpot5410.pdf"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-434"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-08-08 15:15
Modified
2024-11-21 07:12
Severity ?
Summary
In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists a Hidden system command web page. After performing a reverse engineering of the firmware, it was discovered that a hidden page not listed in the administration management interface allows a user to execute Linux commands on the device with root privileges. An authenticated malicious threat actor can use this page to fully compromise the device.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://gist.github.com/Nwqda/e82b3155401b094372195fdaa9b54833 | Exploit, Mitigation, Third Party Advisory | |
| cve@mitre.org | https://wdi.rfwel.com/cdn/techdocs/AirSpot5410.pdf | Product, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://gist.github.com/Nwqda/e82b3155401b094372195fdaa9b54833 | Exploit, Mitigation, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://wdi.rfwel.com/cdn/techdocs/AirSpot5410.pdf | Product, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| airspan | airspot_5410_firmware | * | |
| airspan | airspot_5410 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:airspan:airspot_5410_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "59C409B3-0CFA-48A0-BEF1-AB721401E8EE",
"versionEndIncluding": "0.3.4.1-4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:airspan:airspot_5410:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3AF8C2B0-0EB8-41B8-B2AB-1EFB0AFE71FB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists a Hidden system command web page. After performing a reverse engineering of the firmware, it was discovered that a hidden page not listed in the administration management interface allows a user to execute Linux commands on the device with root privileges. An authenticated malicious threat actor can use this page to fully compromise the device."
},
{
"lang": "es",
"value": "En Airspan AirSpot 5410 versiones 0.3.4.1-4 y anteriores, se presenta una p\u00e1gina web de comandos del sistema oculta. Tras llevar a cabo una ingenier\u00eda inversa del firmware, se ha detectado que una p\u00e1gina oculta que no aparece en la interfaz de administraci\u00f3n de la administraci\u00f3n permite a un usuario ejecutar comandos de Linux en el dispositivo con privilegios de root. Un actor malicioso autenticado puede usar esta p\u00e1gina para comprometer completamente el dispositivo"
}
],
"id": "CVE-2022-36265",
"lastModified": "2024-11-21T07:12:41.200",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-08-08T15:15:08.943",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mitigation",
"Third Party Advisory"
],
"url": "https://gist.github.com/Nwqda/e82b3155401b094372195fdaa9b54833"
},
{
"source": "cve@mitre.org",
"tags": [
"Product",
"Third Party Advisory"
],
"url": "https://wdi.rfwel.com/cdn/techdocs/AirSpot5410.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mitigation",
"Third Party Advisory"
],
"url": "https://gist.github.com/Nwqda/e82b3155401b094372195fdaa9b54833"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product",
"Third Party Advisory"
],
"url": "https://wdi.rfwel.com/cdn/techdocs/AirSpot5410.pdf"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-08-08 15:15
Modified
2024-11-21 07:12
Severity ?
Summary
In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists a Unauthenticated remote command injection vulnerability. The ping functionality can be called without user authentication when crafting a malicious http request by injecting code in one of the parameters allowing for remote code execution. This vulnerability is exploited via the binary file /home/www/cgi-bin/diagnostics.cgi that accepts unauthenticated requests and unsanitized data. As a result, a malicious actor can craft a specific request and interact remotely with the device.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://packetstormsecurity.com/files/168047/AirSpot-5410-0.3.4.1-4-Remote-Command-Injection.html | Exploit, Third Party Advisory | |
| cve@mitre.org | https://gist.github.com/Nwqda/e82b3155401b094372195fdaa9b54833 | Exploit, Mitigation, Third Party Advisory | |
| cve@mitre.org | https://wdi.rfwel.com/cdn/techdocs/AirSpot5410.pdf | Product, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/168047/AirSpot-5410-0.3.4.1-4-Remote-Command-Injection.html | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://gist.github.com/Nwqda/e82b3155401b094372195fdaa9b54833 | Exploit, Mitigation, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://wdi.rfwel.com/cdn/techdocs/AirSpot5410.pdf | Product, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| airspan | airspot_5410_firmware | * | |
| airspan | airspot_5410 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:airspan:airspot_5410_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "59C409B3-0CFA-48A0-BEF1-AB721401E8EE",
"versionEndIncluding": "0.3.4.1-4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:airspan:airspot_5410:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3AF8C2B0-0EB8-41B8-B2AB-1EFB0AFE71FB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists a Unauthenticated remote command injection vulnerability. The ping functionality can be called without user authentication when crafting a malicious http request by injecting code in one of the parameters allowing for remote code execution. This vulnerability is exploited via the binary file /home/www/cgi-bin/diagnostics.cgi that accepts unauthenticated requests and unsanitized data. As a result, a malicious actor can craft a specific request and interact remotely with the device."
},
{
"lang": "es",
"value": "En Airspan AirSpot 5410 versiones 0.3.4.1-4 y anteriores, se presenta una vulnerabilidad de inyecci\u00f3n de comandos remotos no autenticados. La funcionalidad de ping puede ser llamada sin autenticaci\u00f3n del usuario cuando se dise\u00f1a una petici\u00f3n http maliciosa al inyectar c\u00f3digo en uno de los par\u00e1metros permitiendo una ejecuci\u00f3n de c\u00f3digo remoto. Esta vulnerabilidad es explotada por medio del archivo binario /home/www/cgi-bin/diagnostics.cgi que acepta peticiones no autenticadas y datos no saneados. Como resultado, un actor malicioso puede dise\u00f1ar una petici\u00f3n espec\u00edfica e interactuar remotamente con el dispositivo"
}
],
"id": "CVE-2022-36267",
"lastModified": "2024-11-21T07:12:41.500",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-08-08T15:15:09.083",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "http://packetstormsecurity.com/files/168047/AirSpot-5410-0.3.4.1-4-Remote-Command-Injection.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mitigation",
"Third Party Advisory"
],
"url": "https://gist.github.com/Nwqda/e82b3155401b094372195fdaa9b54833"
},
{
"source": "cve@mitre.org",
"tags": [
"Product",
"Third Party Advisory"
],
"url": "https://wdi.rfwel.com/cdn/techdocs/AirSpot5410.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "http://packetstormsecurity.com/files/168047/AirSpot-5410-0.3.4.1-4-Remote-Command-Injection.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mitigation",
"Third Party Advisory"
],
"url": "https://gist.github.com/Nwqda/e82b3155401b094372195fdaa9b54833"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product",
"Third Party Advisory"
],
"url": "https://wdi.rfwel.com/cdn/techdocs/AirSpot5410.pdf"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2022-36266 (GCVE-0-2022-36266)
Vulnerability from cvelistv5
Published
2022-08-08 14:35
Modified
2024-08-03 10:00
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists a stored XSS vulnerability. As the binary file /home/www/cgi-bin/login.cgi does not check if the user is authenticated, a malicious actor can craft a specific request on the login.cgi endpoint that contains a base32 encoded XSS payload that will be accepted and stored. A successful attack will results in the injection of malicious scripts into the user settings page.
References
| ▼ | URL | Tags |
|---|---|---|
| https://gist.github.com/Nwqda/e82b3155401b094372195fdaa9b54833 | x_refsource_MISC | |
| https://wdi.rfwel.com/cdn/techdocs/AirSpot5410.pdf | x_refsource_MISC | |
| http://packetstormsecurity.com/files/168114/FLIX-AX8-1.46.16-Remote-Command-Execution.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:00:04.483Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gist.github.com/Nwqda/e82b3155401b094372195fdaa9b54833"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wdi.rfwel.com/cdn/techdocs/AirSpot5410.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/168114/FLIX-AX8-1.46.16-Remote-Command-Execution.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists a stored XSS vulnerability. As the binary file /home/www/cgi-bin/login.cgi does not check if the user is authenticated, a malicious actor can craft a specific request on the login.cgi endpoint that contains a base32 encoded XSS payload that will be accepted and stored. A successful attack will results in the injection of malicious scripts into the user settings page."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-19T16:06:13",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gist.github.com/Nwqda/e82b3155401b094372195fdaa9b54833"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wdi.rfwel.com/cdn/techdocs/AirSpot5410.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/168114/FLIX-AX8-1.46.16-Remote-Command-Execution.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-36266",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists a stored XSS vulnerability. As the binary file /home/www/cgi-bin/login.cgi does not check if the user is authenticated, a malicious actor can craft a specific request on the login.cgi endpoint that contains a base32 encoded XSS payload that will be accepted and stored. A successful attack will results in the injection of malicious scripts into the user settings page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gist.github.com/Nwqda/e82b3155401b094372195fdaa9b54833",
"refsource": "MISC",
"url": "https://gist.github.com/Nwqda/e82b3155401b094372195fdaa9b54833"
},
{
"name": "https://wdi.rfwel.com/cdn/techdocs/AirSpot5410.pdf",
"refsource": "MISC",
"url": "https://wdi.rfwel.com/cdn/techdocs/AirSpot5410.pdf"
},
{
"name": "http://packetstormsecurity.com/files/168114/FLIX-AX8-1.46.16-Remote-Command-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/168114/FLIX-AX8-1.46.16-Remote-Command-Execution.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-36266",
"datePublished": "2022-08-08T14:35:29",
"dateReserved": "2022-07-18T00:00:00",
"dateUpdated": "2024-08-03T10:00:04.483Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-36265 (GCVE-0-2022-36265)
Vulnerability from cvelistv5
Published
2022-08-08 14:36
Modified
2024-08-03 10:00
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists a Hidden system command web page. After performing a reverse engineering of the firmware, it was discovered that a hidden page not listed in the administration management interface allows a user to execute Linux commands on the device with root privileges. An authenticated malicious threat actor can use this page to fully compromise the device.
References
| ▼ | URL | Tags |
|---|---|---|
| https://gist.github.com/Nwqda/e82b3155401b094372195fdaa9b54833 | x_refsource_MISC | |
| https://wdi.rfwel.com/cdn/techdocs/AirSpot5410.pdf | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:00:04.314Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gist.github.com/Nwqda/e82b3155401b094372195fdaa9b54833"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wdi.rfwel.com/cdn/techdocs/AirSpot5410.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists a Hidden system command web page. After performing a reverse engineering of the firmware, it was discovered that a hidden page not listed in the administration management interface allows a user to execute Linux commands on the device with root privileges. An authenticated malicious threat actor can use this page to fully compromise the device."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-08T14:36:44",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gist.github.com/Nwqda/e82b3155401b094372195fdaa9b54833"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wdi.rfwel.com/cdn/techdocs/AirSpot5410.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-36265",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists a Hidden system command web page. After performing a reverse engineering of the firmware, it was discovered that a hidden page not listed in the administration management interface allows a user to execute Linux commands on the device with root privileges. An authenticated malicious threat actor can use this page to fully compromise the device."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gist.github.com/Nwqda/e82b3155401b094372195fdaa9b54833",
"refsource": "MISC",
"url": "https://gist.github.com/Nwqda/e82b3155401b094372195fdaa9b54833"
},
{
"name": "https://wdi.rfwel.com/cdn/techdocs/AirSpot5410.pdf",
"refsource": "MISC",
"url": "https://wdi.rfwel.com/cdn/techdocs/AirSpot5410.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-36265",
"datePublished": "2022-08-08T14:36:44",
"dateReserved": "2022-07-18T00:00:00",
"dateUpdated": "2024-08-03T10:00:04.314Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-36264 (GCVE-0-2022-36264)
Vulnerability from cvelistv5
Published
2022-08-08 14:38
Modified
2024-08-03 10:00
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists an Unauthenticated remote Arbitrary File Upload vulnerability which allows overwriting arbitrary files. A malicious actor can remotely upload a file of their choice and overwrite any file in the system by manipulating the filename and append a relative path that will be interpreted during the upload process. Using this method, it is possible to rewrite any file in the system or upload a new file.
References
| ▼ | URL | Tags |
|---|---|---|
| https://gist.github.com/Nwqda/e82b3155401b094372195fdaa9b54833 | x_refsource_MISC | |
| https://wdi.rfwel.com/cdn/techdocs/AirSpot5410.pdf | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:00:04.412Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gist.github.com/Nwqda/e82b3155401b094372195fdaa9b54833"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wdi.rfwel.com/cdn/techdocs/AirSpot5410.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists an Unauthenticated remote Arbitrary File Upload vulnerability which allows overwriting arbitrary files. A malicious actor can remotely upload a file of their choice and overwrite any file in the system by manipulating the filename and append a relative path that will be interpreted during the upload process. Using this method, it is possible to rewrite any file in the system or upload a new file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-08T14:38:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gist.github.com/Nwqda/e82b3155401b094372195fdaa9b54833"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wdi.rfwel.com/cdn/techdocs/AirSpot5410.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-36264",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists an Unauthenticated remote Arbitrary File Upload vulnerability which allows overwriting arbitrary files. A malicious actor can remotely upload a file of their choice and overwrite any file in the system by manipulating the filename and append a relative path that will be interpreted during the upload process. Using this method, it is possible to rewrite any file in the system or upload a new file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gist.github.com/Nwqda/e82b3155401b094372195fdaa9b54833",
"refsource": "MISC",
"url": "https://gist.github.com/Nwqda/e82b3155401b094372195fdaa9b54833"
},
{
"name": "https://wdi.rfwel.com/cdn/techdocs/AirSpot5410.pdf",
"refsource": "MISC",
"url": "https://wdi.rfwel.com/cdn/techdocs/AirSpot5410.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-36264",
"datePublished": "2022-08-08T14:38:01",
"dateReserved": "2022-07-18T00:00:00",
"dateUpdated": "2024-08-03T10:00:04.412Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-36267 (GCVE-0-2022-36267)
Vulnerability from cvelistv5
Published
2022-08-08 14:34
Modified
2024-08-03 10:00
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists a Unauthenticated remote command injection vulnerability. The ping functionality can be called without user authentication when crafting a malicious http request by injecting code in one of the parameters allowing for remote code execution. This vulnerability is exploited via the binary file /home/www/cgi-bin/diagnostics.cgi that accepts unauthenticated requests and unsanitized data. As a result, a malicious actor can craft a specific request and interact remotely with the device.
References
| ▼ | URL | Tags |
|---|---|---|
| https://gist.github.com/Nwqda/e82b3155401b094372195fdaa9b54833 | x_refsource_MISC | |
| https://wdi.rfwel.com/cdn/techdocs/AirSpot5410.pdf | x_refsource_MISC | |
| http://packetstormsecurity.com/files/168047/AirSpot-5410-0.3.4.1-4-Remote-Command-Injection.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:00:04.316Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gist.github.com/Nwqda/e82b3155401b094372195fdaa9b54833"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wdi.rfwel.com/cdn/techdocs/AirSpot5410.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/168047/AirSpot-5410-0.3.4.1-4-Remote-Command-Injection.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists a Unauthenticated remote command injection vulnerability. The ping functionality can be called without user authentication when crafting a malicious http request by injecting code in one of the parameters allowing for remote code execution. This vulnerability is exploited via the binary file /home/www/cgi-bin/diagnostics.cgi that accepts unauthenticated requests and unsanitized data. As a result, a malicious actor can craft a specific request and interact remotely with the device."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-10T17:06:27",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gist.github.com/Nwqda/e82b3155401b094372195fdaa9b54833"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wdi.rfwel.com/cdn/techdocs/AirSpot5410.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/168047/AirSpot-5410-0.3.4.1-4-Remote-Command-Injection.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-36267",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists a Unauthenticated remote command injection vulnerability. The ping functionality can be called without user authentication when crafting a malicious http request by injecting code in one of the parameters allowing for remote code execution. This vulnerability is exploited via the binary file /home/www/cgi-bin/diagnostics.cgi that accepts unauthenticated requests and unsanitized data. As a result, a malicious actor can craft a specific request and interact remotely with the device."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gist.github.com/Nwqda/e82b3155401b094372195fdaa9b54833",
"refsource": "MISC",
"url": "https://gist.github.com/Nwqda/e82b3155401b094372195fdaa9b54833"
},
{
"name": "https://wdi.rfwel.com/cdn/techdocs/AirSpot5410.pdf",
"refsource": "MISC",
"url": "https://wdi.rfwel.com/cdn/techdocs/AirSpot5410.pdf"
},
{
"name": "http://packetstormsecurity.com/files/168047/AirSpot-5410-0.3.4.1-4-Remote-Command-Injection.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/168047/AirSpot-5410-0.3.4.1-4-Remote-Command-Injection.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-36267",
"datePublished": "2022-08-08T14:34:15",
"dateReserved": "2022-07-18T00:00:00",
"dateUpdated": "2024-08-03T10:00:04.316Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}