132 matches found
CVE-2022-36264
In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists an Unauthenticated remote Arbitrary File Upload vulnerability which allows overwriting arbitrary files. A malicious actor can remotely upload a file of their choice and overwrite any file in the system by manipulating the filename a...
CVE-2022-36264
In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists an Unauthenticated remote Arbitrary File Upload vulnerability which allows overwriting arbitrary files. A malicious actor can remotely upload a file of their choice and overwrite any file in the system by manipulating the filename a...
CVE-2022-36264
In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists an Unauthenticated remote Arbitrary File Upload vulnerability which allows overwriting arbitrary files. A malicious actor can remotely upload a file of their choice and overwrite any file in the system by manipulating the filename a...
Cross site scripting
In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists a stored XSS vulnerability. As the binary file /home/www/cgi-bin/login.cgi does not check if the user is authenticated, a malicious actor can craft a specific request on the login.cgi endpoint that contains a base32 encoded XSS...
Privilege escalation
In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists an Unauthenticated remote Arbitrary File Upload vulnerability which allows overwriting arbitrary files. A malicious actor can remotely upload a file of their choice and overwrite any file in the system by manipulating the filename a...
Design/Logic Flaw
In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists a Hidden system command web page. After performing a reverse engineering of the firmware, it was discovered that a hidden page not listed in the administration management interface allows a user to execute Linux commands on the devi...
Command injection
In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists a Unauthenticated remote command injection vulnerability. The ping functionality can be called without user authentication when crafting a malicious http request by injecting code in one of the parameters allowing for remote code...
CVE-2022-36266
In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists a stored XSS vulnerability. As the binary file /home/www/cgi-bin/login.cgi does not check if the user is authenticated, a malicious actor can craft a specific request on the login.cgi endpoint that contains a base32 encoded XSS...
CVE-2022-36264
Airspan AirSpot 5410 (versions up to 0.3.4.1-4 and earlier) is affected by an unauthenticated remote Arbitrary File Upload vulnerability. The root cause is filename manipulation with a relative path during the upload process, allowing an attacker to overwrite any file or upload a new file. Affect...
CVE-2022-36264
In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists an Unauthenticated remote Arbitrary File Upload vulnerability which allows overwriting arbitrary files. A malicious actor can remotely upload a file of their choice and overwrite any file in the system by manipulating the filename a...
CVE-2022-36265
CVE-2022-36265 affects Airspan AirSpot 5410 (versions 0.3.4.1-4 and earlier). A hidden, undocumented system command web page in firmware lets an authenticated user execute Linux commands with root privileges, enabling full device compromise. Exploitation details are described across multiple sour...
CVE-2022-36265
In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists a Hidden system command web page. After performing a reverse engineering of the firmware, it was discovered that a hidden page not listed in the administration management interface allows a user to execute Linux commands on the devi...
CVE-2022-36266
In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists a stored XSS vulnerability. As the binary file /home/www/cgi-bin/login.cgi does not check if the user is authenticated, a malicious actor can craft a specific request on the login.cgi endpoint that contains a base32 encoded XSS...
CVE-2022-36266
CVE-2022-36266 affects Airspan AirSpot 5410 (versions 0.3.4.1-4 and earlier). The issue is a stored XSS vulnerability in the login.cgi endpoint, which does not verify authentication. A malicious request can carry a base32-encoded XSS payload that is stored and later reflected on the user settings...
CVE-2022-36267
CVE-2022-36267 affects Airspan AirSpot 5410 (versions 0.3.4.1-4 and earlier). The vulnerability is an unauthenticated remote command injection in the diagnostics.cgi binary (/home/www/cgi-bin/diagnostics.cgi) that accepts unauthenticated, unsanitized data, enabling remote code execution via craft...
CVE-2022-36267
In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists a Unauthenticated remote command injection vulnerability. The ping functionality can be called without user authentication when crafting a malicious http request by injecting code in one of the parameters allowing for remote code...
Airspan AirSpot 5410 跨站脚本漏洞
The Airspan AirSpot 5410 is an advanced LTE, CAT12, outdoor, multi-service product from Airspan USA. A security vulnerability exists in Airspan AirSpot 5410 version 0.3.4.1-4 and prior versions, which stems from a failure of its binary component /home/www/cgi-bin/login.cgi to check that the user ...
PT-2022-23282 · Airspan · Airspan Airspot 5410
Name of the Vulnerable Software and Affected Versions: Airspan AirSpot 5410 version 0.3.4.1-4 and under Description: The issue allows for unauthenticated remote arbitrary file upload, enabling the overwriting of arbitrary files. A malicious actor can upload a file of their choice and overwrite an...
PT-2022-23283 · Airspan · Airspan Airspot 5410
Name of the Vulnerable Software and Affected Versions: Airspan AirSpot 5410 versions 0.3.4.1-4 and under Description: A hidden system command web page exists in the device, allowing an authenticated user to execute Linux commands with root privileges. This page is not listed in the administration...
Airspan AirSpot 5410 安全漏洞
The Airspan AirSpot 5410 is an advanced LTE, CAT12, outdoor, multi-service product from Airspan USA. A security vulnerability exists in the Airspan AirSpot 5410 version 0.3.4.1-4 and prior versions, which originates from the ability of an authenticated attacker to achieve full control of the devi...