Lucene search
K

132 matches found

NVD
NVD
added 2022/08/08 3:15 p.m.27 views

CVE-2022-36264

In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists an Unauthenticated remote Arbitrary File Upload vulnerability which allows overwriting arbitrary files. A malicious actor can remotely upload a file of their choice and overwrite any file in the system by manipulating the filename a...

9.1CVSS0.01207EPSS
Exploits1References2
OSV
OSV
added 2022/08/08 3:15 p.m.5 views

CVE-2022-36264

In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists an Unauthenticated remote Arbitrary File Upload vulnerability which allows overwriting arbitrary files. A malicious actor can remotely upload a file of their choice and overwrite any file in the system by manipulating the filename a...

9.1CVSS5.9AI score0.01207EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2022/08/08 3:15 p.m.7 views

CVE-2022-36264

In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists an Unauthenticated remote Arbitrary File Upload vulnerability which allows overwriting arbitrary files. A malicious actor can remotely upload a file of their choice and overwrite any file in the system by manipulating the filename a...

9.1CVSS7.5AI score0.01207EPSS
Exploits1References3
Prion
Prion
added 2022/08/08 3:15 p.m.17 views

Cross site scripting

In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists a stored XSS vulnerability. As the binary file /home/www/cgi-bin/login.cgi does not check if the user is authenticated, a malicious actor can craft a specific request on the login.cgi endpoint that contains a base32 encoded XSS...

5.8CVSS6.7AI score0.0074EPSS
Exploits3References3Affected Software1
Prion
Prion
added 2022/08/08 3:15 p.m.19 views

Privilege escalation

In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists an Unauthenticated remote Arbitrary File Upload vulnerability which allows overwriting arbitrary files. A malicious actor can remotely upload a file of their choice and overwrite any file in the system by manipulating the filename a...

6.4CVSS9.1AI score0.01207EPSS
Exploits1References2Affected Software1
Prion
Prion
added 2022/08/08 3:15 p.m.13 views

Design/Logic Flaw

In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists a Hidden system command web page. After performing a reverse engineering of the firmware, it was discovered that a hidden page not listed in the administration management interface allows a user to execute Linux commands on the devi...

5.8CVSS7.1AI score0.0106EPSS
Exploits1References2Affected Software1
Prion
Prion
added 2022/08/08 3:15 p.m.33 views

Command injection

In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists a Unauthenticated remote command injection vulnerability. The ping functionality can be called without user authentication when crafting a malicious http request by injecting code in one of the parameters allowing for remote code...

7.5CVSS10AI score0.53752EPSS
Exploits5References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2022/08/08 3:15 p.m.2 views

CVE-2022-36266

In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists a stored XSS vulnerability. As the binary file /home/www/cgi-bin/login.cgi does not check if the user is authenticated, a malicious actor can craft a specific request on the login.cgi endpoint that contains a base32 encoded XSS...

6.1CVSS6.8AI score0.0074EPSS
Exploits3References4
CVE
CVE
added 2022/08/08 2:38 p.m.63 views

CVE-2022-36264

Airspan AirSpot 5410 (versions up to 0.3.4.1-4 and earlier) is affected by an unauthenticated remote Arbitrary File Upload vulnerability. The root cause is filename manipulation with a relative path during the upload process, allowing an attacker to overwrite any file or upload a new file. Affect...

9.1CVSS9.1AI score0.01207EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2022/08/08 2:38 p.m.31 views

CVE-2022-36264

In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists an Unauthenticated remote Arbitrary File Upload vulnerability which allows overwriting arbitrary files. A malicious actor can remotely upload a file of their choice and overwrite any file in the system by manipulating the filename a...

9.3AI score0.01207EPSS
Exploits1References2
CVE
CVE
added 2022/08/08 2:36 p.m.60 views

CVE-2022-36265

CVE-2022-36265 affects Airspan AirSpot 5410 (versions 0.3.4.1-4 and earlier). A hidden, undocumented system command web page in firmware lets an authenticated user execute Linux commands with root privileges, enabling full device compromise. Exploitation details are described across multiple sour...

7.2CVSS7.2AI score0.0106EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2022/08/08 2:36 p.m.24 views

CVE-2022-36265

In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists a Hidden system command web page. After performing a reverse engineering of the firmware, it was discovered that a hidden page not listed in the administration management interface allows a user to execute Linux commands on the devi...

7.4AI score0.0106EPSS
Exploits1References2
Cvelist
Cvelist
added 2022/08/08 2:35 p.m.35 views

CVE-2022-36266

In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists a stored XSS vulnerability. As the binary file /home/www/cgi-bin/login.cgi does not check if the user is authenticated, a malicious actor can craft a specific request on the login.cgi endpoint that contains a base32 encoded XSS...

6.3AI score0.0074EPSS
Exploits3References3
CVE
CVE
added 2022/08/08 2:35 p.m.189 views

CVE-2022-36266

CVE-2022-36266 affects Airspan AirSpot 5410 (versions 0.3.4.1-4 and earlier). The issue is a stored XSS vulnerability in the login.cgi endpoint, which does not verify authentication. A malicious request can carry a base32-encoded XSS payload that is stored and later reflected on the user settings...

6.1CVSS6AI score0.0074EPSS
In wildExploits3References3Affected Software1
CVE
CVE
added 2022/08/08 2:34 p.m.229 views

CVE-2022-36267

CVE-2022-36267 affects Airspan AirSpot 5410 (versions 0.3.4.1-4 and earlier). The vulnerability is an unauthenticated remote command injection in the diagnostics.cgi binary (/home/www/cgi-bin/diagnostics.cgi) that accepts unauthenticated, unsanitized data, enabling remote code execution via craft...

9.8CVSS10AI score0.53752EPSS
In wildExploits5References3Affected Software1
Cvelist
Cvelist
added 2022/08/08 2:34 p.m.37 views

CVE-2022-36267

In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists a Unauthenticated remote command injection vulnerability. The ping functionality can be called without user authentication when crafting a malicious http request by injecting code in one of the parameters allowing for remote code...

10AI score0.53752EPSS
Exploits5References3
CNNVD
CNNVD
added 2022/08/08 12:0 a.m.4 views

Airspan AirSpot 5410 跨站脚本漏洞

The Airspan AirSpot 5410 is an advanced LTE, CAT12, outdoor, multi-service product from Airspan USA. A security vulnerability exists in Airspan AirSpot 5410 version 0.3.4.1-4 and prior versions, which stems from a failure of its binary component /home/www/cgi-bin/login.cgi to check that the user ...

6.1CVSS6.7AI score0.0074EPSS
Exploits3References6
Positive Technologies
Positive Technologies
added 2022/08/08 12:0 a.m.6 views

PT-2022-23282 · Airspan · Airspan Airspot 5410

Name of the Vulnerable Software and Affected Versions: Airspan AirSpot 5410 version 0.3.4.1-4 and under Description: The issue allows for unauthenticated remote arbitrary file upload, enabling the overwriting of arbitrary files. A malicious actor can upload a file of their choice and overwrite an...

9.1CVSS9.2AI score0.01207EPSS
Exploits1References8
Positive Technologies
Positive Technologies
added 2022/08/08 12:0 a.m.7 views

PT-2022-23283 · Airspan · Airspan Airspot 5410

Name of the Vulnerable Software and Affected Versions: Airspan AirSpot 5410 versions 0.3.4.1-4 and under Description: A hidden system command web page exists in the device, allowing an authenticated user to execute Linux commands with root privileges. This page is not listed in the administration...

7.2CVSS7.2AI score0.0106EPSS
Exploits1References8
CNNVD
CNNVD
added 2022/08/08 12:0 a.m.6 views

Airspan AirSpot 5410 安全漏洞

The Airspan AirSpot 5410 is an advanced LTE, CAT12, outdoor, multi-service product from Airspan USA. A security vulnerability exists in the Airspan AirSpot 5410 version 0.3.4.1-4 and prior versions, which originates from the ability of an authenticated attacker to achieve full control of the devi...

7.2CVSS7.1AI score0.0106EPSS
Exploits1References4
Rows per page
Query Builder