{"vulnerability": "CVE-2022-36267", "sightings": [{"uuid": "cf1f3d1e-de22-492e-9cd3-72f9e2ac96c0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-36267", "type": "seen", "source": "MISP/d17bd6ef-d68b-317b-ac33-cdbc44c5fc57", "content": "", "creation_timestamp": "2025-08-31T03:13:01.000000Z"}, {"uuid": "5a9c6476-4292-49b9-8e68-1cff16e00169", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-36267", "type": "published-proof-of-concept", "source": "https://t.me/hackingbra/63", "content": "#exploit\n1. CVE-2023-40713:\nExploiting GOG Galaxy XPC service for privilege escalation in macOS\nhttps://securityintelligence.com/x-force/exploiting-gog-galaxy-xpc-service-privilege-escalation-macos\n\n2. CVE-2023-6560:\nio_uring_io_uaddr_map() Dangerous Multi-Page Handling\nhttps://packetstormsecurity.com/files/176405/io_uring-__io_uaddr_map-Dangerous-Multi-Page-Handling.html\n\n3. CVE-2022-36267:\nAirspan AirSpot 5410 - Unauth Remote CI\nhttps://github.com/0xNslabs/CVE-2022-36267-PoC", "creation_timestamp": "2024-01-10T03:34:04.000000Z"}, {"uuid": "c09552c3-d3d6-4ad9-8b33-5594ff80880f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-36267", "type": "seen", "source": "https://t.me/cibsecurity/47741", "content": "\u203c CVE-2022-36267 \u203c\n\nIn Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists a Unauthenticated remote command injection vulnerability. The ping functionality can be called without user authentication when crafting a malicious http request by injecting code in one of the parameters allowing for remote code execution. This vulnerability is exploited via the binary file /home/www/cgi-bin/diagnostics.cgi that accepts unauthenticated requests and unsanitized data. As a result, a malicious actor can craft a specific request and interact remotely with the device.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-08T18:23:55.000000Z"}, {"uuid": "1f3d0d5c-04cf-41c8-bb81-a009a8de7ec2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-36267", "type": "published-proof-of-concept", "source": "https://t.me/JerusalemElectronicArmy/179", "content": "#\u0627\u062e\u0628\u0627\u0631_\u0633\u0627\u064a\u0628\u0631 \n\u062a\u0642\u0631\u064a\u0631 \u064a\u062a\u062d\u062f\u062b \u0639\u0646 \u0647\u062c\u0645\u0627\u062a \u062a\u0633\u0645\u0649 Mirai Botnet  \u0644\u0627\u0633\u062a\u0647\u062f\u0627\u0641 \u0623\u062c\u0647\u0632\u0629 Linux \u0648\u0625\u0646\u062a\u0631\u0646\u062a \u0627\u0644\u0623\u0634\u064a\u0627\u0621\n\u0639\u0646 \u0637\u0631\u064a\u0642 \u0627\u0633\u062a\u063a\u0644\u0627\u0644 \u0627\u0644\u062b\u063a\u0631\u0627\u062a \u0627\u0644\u062a\u0627\u0644\u064a\u0629:\n\n    CVE-2012-4869: FreePBX Elastix Remote Command Execution Vulnerability\n    Gitorious Remote Command Execution Vulnerability\n    CVE-2014-9727: FRITZ!Box Webcam Remote Command Execution Vulnerability\n    Mitel AWC Remote Command Execution Vulnerability\n    CVE-2017-5173: Geutebruck IP Cameras Remote Command Execution Vulnerability\n    CVE-2019-15107: Webmin Command Injection Vulnerability\n    Spree Commerce Arbitrary Command Execution Vulnerability\n    FLIR Thermal Camera Remote Command Execution Vulnerability\n    CVE-2020-8515: DrayTek Vigor Remote Command Execution Vulnerability\n    CVE-2020-15415: DrayTek Vigor Remote Command Injection Vulnerability\n    CVE-2022-36267: Airspan AirSpot Remote Command Execution Vulnerability\n    CVE-2022-26134: Atlassian Confluence Remote Code Execution Vulnerability\n    CVE-2022-4257: C-Data Web Management System Command Injection Vulnerability\n\nhttps://unit42.paloaltonetworks.com/mirai-variant-v3g4/", "creation_timestamp": "2023-02-19T12:43:33.000000Z"}, {"uuid": "c05408d6-30fb-43e8-8e97-3deaa1c9de1f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-36267", "type": "seen", "source": "https://t.me/arpsyndicate/2754", "content": "#ExploitObserverAlert\n\nCVE-2022-36267\n\nDESCRIPTION: Exploit Observer has 6 entries related to CVE-2022-36267. In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists a Unauthenticated remote command injection vulnerability. The ping functionality can be called without user authentication when crafting a malicious http request by injecting code in one of the parameters allowing for remote code execution. This vulnerability is exploited via the binary file /home/www/cgi-bin/diagnostics.cgi that accepts unauthenticated requests and unsanitized data. As a result, a malicious actor can craft a specific request and interact remotely with the device.\n\nFIRST-EPSS: 0.694210000\nNVD-IS: 5.9\nNVD-ES: 3.9", "creation_timestamp": "2024-01-09T14:34:03.000000Z"}, {"uuid": "663bf77f-59b2-464a-adda-7c85b112b123", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-36267", "type": "seen", "source": "https://t.me/Rootsec_2/2468", "content": "#exploit\n1. CVE-2023-40713:\nExploiting GOG Galaxy XPC service for privilege escalation in macOS\nhttps://securityintelligence.com/x-force/exploiting-gog-galaxy-xpc-service-privilege-escalation-macos\n\n2. CVE-2023-6560:\nio_uring_io_uaddr_map() Dangerous Multi-Page Handling\nhttps://packetstormsecurity.com/files/176405/io_uring-__io_uaddr_map-Dangerous-Multi-Page-Handling.html\n\n3. CVE-2022-36267:\nAirspan AirSpot 5410 - Unauth Remote CI\nhttps://github.com/0xNslabs/CVE-2022-36267-PoC", "creation_timestamp": "2024-08-16T09:01:20.000000Z"}, {"uuid": "c1101ea2-6fa5-4f6f-928a-061c8c953323", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-36267", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/9759", "content": "#exploit\n1. CVE-2023-40713:\nExploiting GOG Galaxy XPC service for privilege escalation in macOS\nhttps://securityintelligence.com/x-force/exploiting-gog-galaxy-xpc-service-privilege-escalation-macos\n\n2. CVE-2023-6560:\nio_uring_io_uaddr_map() Dangerous Multi-Page Handling\nhttps://packetstormsecurity.com/files/176405/io_uring-__io_uaddr_map-Dangerous-Multi-Page-Handling.html\n\n3. CVE-2022-36267:\nAirspan AirSpot 5410 - Unauth Remote CI\nhttps://github.com/0xNslabs/CVE-2022-36267-PoC", "creation_timestamp": "2024-01-10T10:59:58.000000Z"}, {"uuid": "b41943dc-6b96-4526-9594-0d147a4e8baf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-36267", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/10122", "content": "#exploit\n1. CVE-2023-36049:\nMicrosoft .NET CRLF Injection Arbitrary File Write/Deletion\nhttps://www.zerodayinitiative.com/blog/2024/3/6/cve-2023-36049-microsoft-net-crlf-injection-arbitrary-file-writedeletion-vulnerability\n\n2. CVE-2022-36266, CVE-2022-36267, CVE-2022-36264, CVE-2022-36265:\nAirspan AirSpot 5410 Vulnerabilities\nhttps://neroteam.com/blog/airspan-airspot-5410-vulnerability-report", "creation_timestamp": "2024-03-11T07:14:50.000000Z"}]}