Lucene search
PRIOn knowledge basePRION:CVE-2022-36267HistoryAug 08, 2022 - 3:15 p.m.
Command injection
2022-08-0815:15:00
PRIOn knowledge base
www.prio-n.com
6
In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists a Unauthenticated remote command injection vulnerability. The ping functionality can be called without user authentication when crafting a malicious http request by injecting code in one of the parameters allowing for remote code execution. This vulnerability is exploited via the binary file /home/www/cgi-bin/diagnostics.cgi that accepts unauthenticated requests and unsanitized data. As a result, a malicious actor can craft a specific request and interact remotely with the device.
| CPE | Name | Operator | Version |
|---|---|---|---|
| airspot_5410_firmware | eq | <= 0.3.4.1-4 |
Related
nvd
nvd
CVE-2022-36267
2022-08-08 15:15:09
cve
cve
CVE-2022-36267
2022-08-08 15:15:09
checkpoint_advisories
checkpoint_advisories
Airspan AirSpot 5410 Command Injection (CVE-2022-36267)
2022-11-23 00:00:00
githubexploit
githubexploit
Exploit for CVE-2022-36267
2024-01-08 22:23:57
attackerkb
attackerkb
CVE-2022-36267
2022-08-08 00:00:00
cvelist
cvelist
CVE-2022-36267
2022-08-08 14:34:15
zdt
zdt
AirSpot 5410 0.3.4.1-4 Remote Command Injection Exploit
2022-08-10 00:00:00
packetstorm
packetstorm
AirSpot 5410 0.3.4.1-4 Remote Command Injection
2022-08-10 00:00:00
exploitdb
exploitdb
Airspan AirSpot 5410 version 0.3.4.1 - Remote Code Execution (RCE)
2022-09-20 00:00:00