Lucene search
K

28 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 11:16 p.m.3 views

CVE-2022-36266

In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists a stored XSS vulnerability. As the binary file /home/www/cgi-bin/login.cgi does not check if the user is authenticated, a malicious actor can craft a specific request on the login.cgi endpoint that contains a base32 encoded XSS...

6.1CVSS6.8AI score0.00783EPSS
Exploits3References1
GithubExploit
GithubExploit
added 2024/01/08 10:23 p.m.543 views

Exploit for CVE-2022-36267

CVE-2022-36267 - Airspan AirSpot 5410 Unauthenticated Remote C...

9.8CVSS9.8AI score0.53752EPSS
Exploits5
Check Point Advisories
Check Point Advisories
added 2022/11/23 12:0 a.m.18 views

Airspan AirSpot 5410 Command Injection (CVE-2022-36267)

A command injection vulnerability exists in Airspan AirSpot 5410. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...

7.5AI score0.53752EPSS
Exploits5
Saint
Saint
added 2022/09/27 12:0 a.m.112 views

Airspan AirSpot pingDiagnostic command injection

Added: 09/27/2022 Background Airspan AirSpot 5410 is an advanced, LTE, CAT12, outdoor, multi-service product specifically designed to meet data needs for residential, business and enterprise users. Problem A command injection vulnerability when diagnostics.cgi handles the pingDiagnostic command...

8.4AI score
Exploits0
Saint
Saint
added 2022/09/27 12:0 a.m.202 views

Airspan AirSpot pingDiagnostic command injection

Added: 09/27/2022 Background Airspan AirSpot 5410 is an advanced, LTE, CAT12, outdoor, multi-service product specifically designed to meet data needs for residential, business and enterprise users. Problem A command injection vulnerability when diagnostics.cgi handles the pingDiagnostic command...

8.4AI score
Exploits0
Exploit DB
Exploit DB
added 2022/09/20 12:0 a.m.86 views

Airspan AirSpot 5410 version 0.3.4.1 - Remote Code Execution (RCE)

Exploit Title: Airspan AirSpot 5410 version 0.3.4.1 - Remote Code Execution RCE Date: 7/26/2022 Exploit Author: Samy Younsi NSLABS https://samy.link Vendor Homepage: https://www.airspan.com/ Software Link: https://wdi.rfwel.com/cdn/techdocs/AirSpot5410.pdf Version: 0.3.4.1-4 and under. Tested on:...

9.8CVSS9.7AI score0.53752EPSS
Exploits5
0day.today
0day.today
added 2022/08/10 12:0 a.m.323 views

AirSpot 5410 0.3.4.1-4 Remote Command Injection Exploit

-- coding: utf-8 -- Exploit Title: AirSpot unauthenticated remote command injection Date: 7/26/2022 Exploit Author: Samy Younsi NSLABS https://samy.link Vendor Homepage: https://www.airspan.com/ Software Link: https://wdi.rfwel.com/cdn/techdocs/AirSpot5410.pdf Version: 0.3.4.1-4 and under. Tested...

9.8CVSS9.6AI score0.53752EPSS
Exploits5
OSV
OSV
added 2022/08/08 3:15 p.m.4 views

CVE-2022-36267

In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists a Unauthenticated remote command injection vulnerability. The ping functionality can be called without user authentication when crafting a malicious http request by injecting code in one of the parameters allowing for remote code...

9.8CVSS6AI score0.53752EPSS
Exploits5References3
ATTACKERKB
ATTACKERKB
added 2022/08/08 3:15 p.m.227 views

CVE-2022-36267

In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists a Unauthenticated remote command injection vulnerability. The ping functionality can be called without user authentication when crafting a malicious http request by injecting code in one of the parameters allowing for remote code...

9.8CVSS7.7AI score0.53752EPSS
In wildExploits5References4
OSV
OSV
added 2022/08/08 3:15 p.m.5 views

CVE-2022-36264

In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists an Unauthenticated remote Arbitrary File Upload vulnerability which allows overwriting arbitrary files. A malicious actor can remotely upload a file of their choice and overwrite any file in the system by manipulating the filename a...

9.1CVSS5.9AI score0.01257EPSS
Exploits1References2
OSV
OSV
added 2022/08/08 3:15 p.m.4 views

CVE-2022-36265

In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists a Hidden system command web page. After performing a reverse engineering of the firmware, it was discovered that a hidden page not listed in the administration management interface allows a user to execute Linux commands on the devi...

7.2CVSS7.2AI score0.01104EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2022/08/08 3:15 p.m.7 views

CVE-2022-36264

In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists an Unauthenticated remote Arbitrary File Upload vulnerability which allows overwriting arbitrary files. A malicious actor can remotely upload a file of their choice and overwrite any file in the system by manipulating the filename a...

9.1CVSS7.5AI score0.01257EPSS
Exploits1References3
NVD
NVD
added 2022/08/08 3:15 p.m.27 views

CVE-2022-36264

In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists an Unauthenticated remote Arbitrary File Upload vulnerability which allows overwriting arbitrary files. A malicious actor can remotely upload a file of their choice and overwrite any file in the system by manipulating the filename a...

9.1CVSS0.01257EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2022/08/08 3:15 p.m.2 views

CVE-2022-36266

In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists a stored XSS vulnerability. As the binary file /home/www/cgi-bin/login.cgi does not check if the user is authenticated, a malicious actor can craft a specific request on the login.cgi endpoint that contains a base32 encoded XSS...

6.1CVSS6.8AI score0.00783EPSS
Exploits3References4
Prion
Prion
added 2022/08/08 3:15 p.m.17 views

Cross site scripting

In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists a stored XSS vulnerability. As the binary file /home/www/cgi-bin/login.cgi does not check if the user is authenticated, a malicious actor can craft a specific request on the login.cgi endpoint that contains a base32 encoded XSS...

5.8CVSS6.7AI score0.00783EPSS
Exploits3References3Affected Software1
Prion
Prion
added 2022/08/08 3:15 p.m.19 views

Privilege escalation

In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists an Unauthenticated remote Arbitrary File Upload vulnerability which allows overwriting arbitrary files. A malicious actor can remotely upload a file of their choice and overwrite any file in the system by manipulating the filename a...

6.4CVSS9.1AI score0.01257EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2022/08/08 2:38 p.m.31 views

CVE-2022-36264

In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists an Unauthenticated remote Arbitrary File Upload vulnerability which allows overwriting arbitrary files. A malicious actor can remotely upload a file of their choice and overwrite any file in the system by manipulating the filename a...

9.3AI score0.01257EPSS
Exploits1References2
Cvelist
Cvelist
added 2022/08/08 2:36 p.m.26 views

CVE-2022-36265

In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists a Hidden system command web page. After performing a reverse engineering of the firmware, it was discovered that a hidden page not listed in the administration management interface allows a user to execute Linux commands on the devi...

7.4AI score0.01104EPSS
Exploits1References2
CVE
CVE
added 2022/08/08 2:36 p.m.60 views

CVE-2022-36265

CVE-2022-36265 affects Airspan AirSpot 5410 (versions 0.3.4.1-4 and earlier). A hidden, undocumented system command web page in firmware lets an authenticated user execute Linux commands with root privileges, enabling full device compromise. Exploitation details are described across multiple sour...

7.2CVSS7.2AI score0.01104EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2022/08/08 2:35 p.m.189 views

CVE-2022-36266

CVE-2022-36266 affects Airspan AirSpot 5410 (versions 0.3.4.1-4 and earlier). The issue is a stored XSS vulnerability in the login.cgi endpoint, which does not verify authentication. A malicious request can carry a base32-encoded XSS payload that is stored and later reflected on the user settings...

6.1CVSS6AI score0.00783EPSS
In wildExploits3References3Affected Software1
Rows per page
Query Builder