Lucene search

MitreCVE-2022-36264

HistoryAug 08, 2022 - 3:15 p.m.

CVE-2022-36264

2022-08-0815:15:08

CWE-434

mitre

web.nvd.nist.gov

cve-2022-36264

airspan airspot

remote code execution

security vulnerability

unauthenticated upload

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

AI Score

9.1

Confidence

High

EPSS

0.002

Percentile

52.4%

JSON

In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists an Unauthenticated remote Arbitrary File Upload vulnerability which allows overwriting arbitrary files. A malicious actor can remotely upload a file of their choice and overwrite any file in the system by manipulating the filename and append a relative path that will be interpreted during the upload process. Using this method, it is possible to rewrite any file in the system or upload a new file.

Affected configurations

Nvd

Node

airspanairspot_5410_firmwareRange≤0.3.4.1-4

AND

airspanairspot_5410Match-

VendorProductVersionCPE
airspanairspot_5410_firmware*cpe:2.3:o:airspan:airspot_5410_firmware:*:*:*:*:*:*:*:*
airspanairspot_5410-cpe:2.3:h:airspan:airspot_5410:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
airspan	airspot_5410_firmware	*	cpe:2.3:o:airspan:airspot_5410_firmware::::::::
airspan	airspot_5410	-	cpe:2.3:h:airspan:airspot_5410:-:::::::*

References

gist.github.com/Nwqda/e82b3155401b094372195fdaa9b54833

wdi.rfwel.com/cdn/techdocs/AirSpot5410.pdf

Social References

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

AI Score

9.1

Confidence

High

EPSS

0.002

Percentile

52.4%

JSON

Related for CVE-2022-36264