CVE-2022-21176 Airspan Networks Mimosa SQL Injection

MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 does not properly sanitize user input, which may allow an attacker to perform a SQL injection and obtain sensitive information...

CVE-2022-21141 Airspan Networks Mimosa Incorrect Authorization

MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 does not perform proper authorization checks on multiple API functions. An attacker may gain access to these functions and achieve remote code execution...

CVE-2022-21176 Airspan Networks Mimosa SQL Injection

MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 does not properly sanitize user input, which may allow an attacker to perform a SQL injection and obtain sensitive information...

CVE-2022-21141 Airspan Networks Mimosa Incorrect Authorization

MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 does not perform proper authorization checks on multiple API functions. An attacker may gain access to these functions and achieve remote code execution...

CVE-2022-21143 Airspan Networks Mimosa OS Command Injection

MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 does not properly sanitize user input on several locations, which may allow an attacker to inject arbitrary commands...

CVE-2022-21143 Airspan Networks Mimosa OS Command Injection

MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 does not properly sanitize user input on several locations, which may allow an attacker to inject arbitrary commands...

CVE-2022-21800 Airspan Networks Mimosa Use of a Broken or Risky Cryptographic Algorithm

MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 uses the MD5 algorithm to hash the passwords before storing them but does not salt the hash. As a result, attackers may be able to crack the hashed...

CVE-2022-21800 Airspan Networks Mimosa Use of a Broken or Risky Cryptographic Algorithm

MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 uses the MD5 algorithm to hash the passwords before storing them but does not salt the hash. As a result, attackers may be able to crack the hashed...

CVE-2022-0138 Airspan Networks Mimosa Deserialization of Untrusted Data

MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 has a deserialization function that does not validate or check the data, allowing arbitrary classes to be created...

CVE-2022-0138 Airspan Networks Mimosa Deserialization of Untrusted Data

MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 has a deserialization function that does not validate or check the data, allowing arbitrary classes to be created...

CVE-2022-21196 Airspan Networks Mimosa Improper Authorization

MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 does not perform proper authorization and authentication checks on multiple API routes. An attacker may gain access to these API routes and achieve remo...

CVE-2022-21196 Airspan Networks Mimosa Improper Authorization

MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 does not perform proper authorization and authentication checks on multiple API routes. An attacker may gain access to these API routes and achieve remo...

CVE-2022-21215 Airspan Networks Mimosa Server-Side Request Forgery (SSRF)

This vulnerability could allow an attacker to force the server to create and execute a web request granting access to backend APIs that are only accessible to the Mimosa MMP server, or request pages that could perform some actions themselves. The attacker could force the server into accessing...

CVE-2022-21215 Airspan Networks Mimosa Server-Side Request Forgery (SSRF)

This vulnerability could allow an attacker to force the server to create and execute a web request granting access to backend APIs that are only accessible to the Mimosa MMP server, or request pages that could perform some actions themselves. The attacker could force the server into accessing...

Airspan Networks Mmp Server-Side Request Forgery Vulnerability

Airspan Networks Mmp is an advanced standalone network management software platform for Mimosa fixed wireless devices from Airspan Networks, U.S.A. The Airspan Networks Mmp server-side request forgery vulnerability can be exploited by attackers to force the server to create and execute Web reques...

Airspan Networks Mmp OS Command Injection Vulnerability

Airspan Networks Mmp is an advanced standalone network management software platform for Mimosa fixed wireless devices from Airspan Networks, Inc. Airspan Networks Mmp is vulnerable to an operating system command injection vulnerability, which could be exploited by attackers to inject arbitrary...

Airspan Networks Mmp Code Issue Vulnerability

Airspan Networks Mmp is an advanced standalone network management software platform for Mimosa fixed wireless devices from Airspan Networks, U.S. Airspan Networks Mmp is vulnerable to a code issue that could be exploited by an attacker to pass specially crafted data to the application and create...

Airspan Networks Mmp Authorization Error Vulnerability

Airspan Networks Mmp is an advanced standalone network management software platform for Mimosa fixed wireless devices from Airspan Networks, U.S.A. An authorization error vulnerability exists in Airspan Networks Mmp, which could be exploited by attackers to enable remote code execution, create...

Airspan Networks Mmp SQL注入漏洞

Airspan Networks Mmp is an advanced standalone network management software platform for Mimosa fixed wireless devices from Airspan Networks, Inc. Airspan Networks Mmp is vulnerable to SQL injection, which can be exploited by attackers to perform SQL injection and obtain sensitive information...

Airspan Networks Mmp Encryption Issue Vulnerability

Airspan Networks Mmp is an advanced standalone network management software platform for Mimosa fixed wireless devices from Airspan Networks, U.S.A. Airspan Networks Mmp is vulnerable to an encryption issue that could be exploited by attackers to break unlisted passwords...