Lucene search
MitreCVELIST:CVE-2022-36267HistoryAug 08, 2022 - 2:34 p.m.
CVE-2022-36267
2022-08-0814:34:15
mitre
www.cve.org
2
airspan airspot
unauthenticated
remote code execution
vulnerability
In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists a Unauthenticated remote command injection vulnerability. The ping functionality can be called without user authentication when crafting a malicious http request by injecting code in one of the parameters allowing for remote code execution. This vulnerability is exploited via the binary file /home/www/cgi-bin/diagnostics.cgi that accepts unauthenticated requests and unsanitized data. As a result, a malicious actor can craft a specific request and interact remotely with the device.
Related
exploitdb
exploitdb
Airspan AirSpot 5410 version 0.3.4.1 - Remote Code Execution (RCE)
2022-09-20 00:00:00
nvd
nvd
CVE-2022-36267
2022-08-08 15:15:09
checkpoint_advisories
checkpoint_advisories
Airspan AirSpot 5410 Command Injection (CVE-2022-36267)
2022-11-23 00:00:00
prion
prion
Command injection
2022-08-08 15:15:00
cve
cve
CVE-2022-36267
2022-08-08 15:15:09
githubexploit
githubexploit
Exploit for CVE-2022-36267
2024-01-08 22:23:57
attackerkb
attackerkb
CVE-2022-36267
2022-08-08 00:00:00
zdt
zdt
AirSpot 5410 0.3.4.1-4 Remote Command Injection Exploit
2022-08-10 00:00:00
packetstorm
packetstorm
AirSpot 5410 0.3.4.1-4 Remote Command Injection
2022-08-10 00:00:00