CVE-2022-36267 (GCVE-0-2022-36267)

Vulnerability from cvelistv5 – Published: 2022-08-08 14:34 – Updated: 2024-08-03 10:00
Summary
In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists a Unauthenticated remote command injection vulnerability. The ping functionality can be called without user authentication when crafting a malicious http request by injecting code in one of the parameters allowing for remote code execution. This vulnerability is exploited via the binary file /home/www/cgi-bin/diagnostics.cgi that accepts unauthenticated requests and unsanitized data. As a result, a malicious actor can craft a specific request and interact remotely with the device.
CWE
  • n/a
Assigner
Shadowserver
Known Exploited Vulnerability - GCVE BCP-07 Compliant

Vulnerability ID: CVE-2022-36267

Status: Confirmed

Status Updated: 2024-05-15 10:49 UTC

Exploited: Yes


Characteristics
Severity: 98.0

Timestamps
First Seen: 2024-05-15
Asserted: 2024-05-15
Last Seen: 2024-05-15

Scope
Asset Exposure: ['internet-facing']
Notes: Affected: Airspan / Airspot 5410 | Class: router | Severity: Critical (CVSS 9.8) | IoT: yes | In CISA KEV: no | Honeypot connections on 2024-05-15: 1

Evidence

Type: Honeypot

Signal: In The Wild Attempts

Confidence: 70%

Source: shadowserver


Details
1D 1
Iot yes
Feed Shadowserver Foundation honeypot/exploited-vulnerabilities
Type http-scan
Class router
7D Avg 0
Vendor Airspan
30D Avg 0
90D Avg 0
Product Airspot 5410
Cisa Kev no
Connections 1
Observation Date 2024-05-15
Vulnerability Class CVSS
Vulnerability Score 9.8
Vulnerability Severity Critical

References

Created: 2026-06-30 12:19 UTC | Updated: 2026-06-30 12:29 UTC
KEVIntel
Known Exploited Vulnerability - GCVE BCP-07 Compliant

Vulnerability ID: CVE-2022-36267

Status: Confirmed

Status Updated: 2022-08-08 14:34 UTC

Exploited: Yes


Timestamps
First Seen: 2022-08-08
Asserted: 2022-08-08

Scope
Notes: KEVIntel entry: In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists a Unauthenticated remote command injection vulnerability. The ping functionality... | Affected: n/a / n/a | Used in malware: unknown | Not yet in CISA KEV: True

Evidence

Type: Public Report

Signal: Successful Exploitation

Confidence: 70%

Source: kevintel


Details
Feed KEVIntel (kevintel.com)
Title In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists a Unauthenticated remote command injection vulnerability. The ping functionality...
Vendor n/a
Product n/a
Added Date 2022-08-08T14:34:15.000Z
Cvss Score None
Epss Score None
Cvss Severity None
Epss Percentile None
Used In Malware unknown
Ahead Of Cisa Kev None
Not Yet In Cisa Kev True

References

Created: 2026-06-23 14:06 UTC | Updated: 2026-06-23 14:06 UTC
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T10:00:04.316Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://gist.github.com/Nwqda/e82b3155401b094372195fdaa9b54833"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://wdi.rfwel.com/cdn/techdocs/AirSpot5410.pdf"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/168047/AirSpot-5410-0.3.4.1-4-Remote-Command-Injection.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists a Unauthenticated remote command injection vulnerability. The ping functionality can be called without user authentication when crafting a malicious http request by injecting code in one of the parameters allowing for remote code execution. This vulnerability is exploited via the binary file /home/www/cgi-bin/diagnostics.cgi that accepts unauthenticated requests and unsanitized data. As a result, a malicious actor can craft a specific request and interact remotely with the device."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-08-10T17:06:27.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://gist.github.com/Nwqda/e82b3155401b094372195fdaa9b54833"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://wdi.rfwel.com/cdn/techdocs/AirSpot5410.pdf"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/168047/AirSpot-5410-0.3.4.1-4-Remote-Command-Injection.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2022-36267",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists a Unauthenticated remote command injection vulnerability. The ping functionality can be called without user authentication when crafting a malicious http request by injecting code in one of the parameters allowing for remote code execution. This vulnerability is exploited via the binary file /home/www/cgi-bin/diagnostics.cgi that accepts unauthenticated requests and unsanitized data. As a result, a malicious actor can craft a specific request and interact remotely with the device."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://gist.github.com/Nwqda/e82b3155401b094372195fdaa9b54833",
              "refsource": "MISC",
              "url": "https://gist.github.com/Nwqda/e82b3155401b094372195fdaa9b54833"
            },
            {
              "name": "https://wdi.rfwel.com/cdn/techdocs/AirSpot5410.pdf",
              "refsource": "MISC",
              "url": "https://wdi.rfwel.com/cdn/techdocs/AirSpot5410.pdf"
            },
            {
              "name": "http://packetstormsecurity.com/files/168047/AirSpot-5410-0.3.4.1-4-Remote-Command-Injection.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/168047/AirSpot-5410-0.3.4.1-4-Remote-Command-Injection.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2022-36267",
    "datePublished": "2022-08-08T14:34:15.000Z",
    "dateReserved": "2022-07-18T00:00:00.000Z",
    "dateUpdated": "2024-08-03T10:00:04.316Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2022-36267",
      "date": "2026-07-06",
      "epss": "0.53752",
      "percentile": "0.98873"
    },
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:airspan:airspot_5410_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"0.3.4.1-4\", \"matchCriteriaId\": \"59C409B3-0CFA-48A0-BEF1-AB721401E8EE\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:airspan:airspot_5410:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3AF8C2B0-0EB8-41B8-B2AB-1EFB0AFE71FB\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists a Unauthenticated remote command injection vulnerability. The ping functionality can be called without user authentication when crafting a malicious http request by injecting code in one of the parameters allowing for remote code execution. This vulnerability is exploited via the binary file /home/www/cgi-bin/diagnostics.cgi that accepts unauthenticated requests and unsanitized data. As a result, a malicious actor can craft a specific request and interact remotely with the device.\"}, {\"lang\": \"es\", \"value\": \"En Airspan AirSpot 5410 versiones 0.3.4.1-4 y anteriores, se presenta una vulnerabilidad de inyecci\\u00f3n de comandos remotos no autenticados. La funcionalidad de ping puede ser llamada sin autenticaci\\u00f3n del usuario cuando se dise\\u00f1a una petici\\u00f3n http maliciosa al inyectar c\\u00f3digo en uno de los par\\u00e1metros permitiendo una ejecuci\\u00f3n de c\\u00f3digo remoto. Esta vulnerabilidad es explotada por medio del archivo binario /home/www/cgi-bin/diagnostics.cgi que acepta peticiones no autenticadas y datos no saneados. Como resultado, un actor malicioso puede dise\\u00f1ar una petici\\u00f3n espec\\u00edfica e interactuar remotamente con el dispositivo\"}]",
      "id": "CVE-2022-36267",
      "lastModified": "2024-11-21T07:12:41.500",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 9.8, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.9}]}",
      "published": "2022-08-08T15:15:09.083",
      "references": "[{\"url\": \"http://packetstormsecurity.com/files/168047/AirSpot-5410-0.3.4.1-4-Remote-Command-Injection.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"https://gist.github.com/Nwqda/e82b3155401b094372195fdaa9b54833\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\", \"Mitigation\", \"Third Party Advisory\"]}, {\"url\": \"https://wdi.rfwel.com/cdn/techdocs/AirSpot5410.pdf\", \"source\": \"cve@mitre.org\", \"tags\": [\"Product\", \"Third Party Advisory\"]}, {\"url\": \"http://packetstormsecurity.com/files/168047/AirSpot-5410-0.3.4.1-4-Remote-Command-Injection.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"https://gist.github.com/Nwqda/e82b3155401b094372195fdaa9b54833\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Mitigation\", \"Third Party Advisory\"]}, {\"url\": \"https://wdi.rfwel.com/cdn/techdocs/AirSpot5410.pdf\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Product\", \"Third Party Advisory\"]}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-Other\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2022-36267\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2022-08-08T15:15:09.083\",\"lastModified\":\"2026-06-17T04:53:09.043\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists a Unauthenticated remote command injection vulnerability. The ping functionality can be called without user authentication when crafting a malicious http request by injecting code in one of the parameters allowing for remote code execution. This vulnerability is exploited via the binary file /home/www/cgi-bin/diagnostics.cgi that accepts unauthenticated requests and unsanitized data. As a result, a malicious actor can craft a specific request and interact remotely with the device.\"},{\"lang\":\"es\",\"value\":\"En Airspan AirSpot 5410 versiones 0.3.4.1-4 y anteriores, se presenta una vulnerabilidad de inyecci\u00f3n de comandos remotos no autenticados. La funcionalidad de ping puede ser llamada sin autenticaci\u00f3n del usuario cuando se dise\u00f1a una petici\u00f3n http maliciosa al inyectar c\u00f3digo en uno de los par\u00e1metros permitiendo una ejecuci\u00f3n de c\u00f3digo remoto. Esta vulnerabilidad es explotada por medio del archivo binario /home/www/cgi-bin/diagnostics.cgi que acepta peticiones no autenticadas y datos no saneados. Como resultado, un actor malicioso puede dise\u00f1ar una petici\u00f3n espec\u00edfica e interactuar remotamente con el dispositivo\"}],\"affected\":[{\"source\":\"cve@mitre.org\",\"affectedData\":[{\"vendor\":\"n/a\",\"product\":\"n/a\",\"versions\":[{\"version\":\"n/a\",\"status\":\"affected\"}]}]}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:airspan:airspot_5410_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"0.3.4.1-4\",\"matchCriteriaId\":\"59C409B3-0CFA-48A0-BEF1-AB721401E8EE\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:airspan:airspot_5410:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3AF8C2B0-0EB8-41B8-B2AB-1EFB0AFE71FB\"}]}]}],\"references\":[{\"url\":\"http://packetstormsecurity.com/files/168047/AirSpot-5410-0.3.4.1-4-Remote-Command-Injection.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://gist.github.com/Nwqda/e82b3155401b094372195fdaa9b54833\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Mitigation\",\"Third Party Advisory\"]},{\"url\":\"https://wdi.rfwel.com/cdn/techdocs/AirSpot5410.pdf\",\"source\":\"cve@mitre.org\",\"tags\":[\"Product\",\"Third Party Advisory\"]},{\"url\":\"http://packetstormsecurity.com/files/168047/AirSpot-5410-0.3.4.1-4-Remote-Command-Injection.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://gist.github.com/Nwqda/e82b3155401b094372195fdaa9b54833\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Mitigation\",\"Third Party Advisory\"]},{\"url\":\"https://wdi.rfwel.com/cdn/techdocs/AirSpot5410.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Product\",\"Third Party Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Loading…

Detection rules are retrieved from Rulezet.

Loading…

Loading…