History: Aug 08, 2022 - 3:15 p.m.

CVE-2022-36265

2022-08-08 15:15:08
mitre
web.nvd.nist.gov
cve-2022-36265
airspan airspot 5410
firmware vulnerability
hidden page
root privileges
device compromise

CVSS3: 7.2

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: HIGH
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

AI Score: 7.2
Confidence: High

EPSS: 0.001
Percentile: 38.5%

Airspan AirSpot 5410 versions 0.3.4.1-4 and earlier contain a hidden system command web page. Reverse engineering of the firmware revealed that a hidden page, not listed in the administration management interface, allows a user to execute Linux commands on the device with root privileges. An authenticated malicious threat actor can use this page to fully compromise the device.

Affected configurations

Nvd
Node
airspan airspot_5410_firmware, Range 0.3.4.1-4
AND
airspan airspot_5410, Match -

Vendor | Product | Version | CPE
airspan | airspot_5410_firmware | * | cpe:2.3:o:airspan:airspot_5410_firmware:*:*:*:*:*:*:*:*
airspan | airspot_5410 | - | cpe:2.3:h:airspan:airspot_5410:-:*:*:*:*:*:*:*
