CVE-2022-36264

In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists an Unauthenticated remote Arbitrary File Upload vulnerability which allows overwriting arbitrary files. A malicious actor can remotely upload a file of their choice and overwrite any file in the system by manipulating the filename a...

CVE-2022-36264

In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists an Unauthenticated remote Arbitrary File Upload vulnerability which allows overwriting arbitrary files. A malicious actor can remotely upload a file of their choice and overwrite any file in the system by manipulating the filename a...

Design/Logic Flaw

In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists a Hidden system command web page. After performing a reverse engineering of the firmware, it was discovered that a hidden page not listed in the administration management interface allows a user to execute Linux commands on the devi...

Cross site scripting

In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists a stored XSS vulnerability. As the binary file /home/www/cgi-bin/login.cgi does not check if the user is authenticated, a malicious actor can craft a specific request on the login.cgi endpoint that contains a base32 encoded XSS...

Airspan AirSpot 5410 代码问题漏洞

The Airspan AirSpot 5410 is an advanced LTE, CAT12, outdoor, multi-service product from Airspan USA. A security vulnerability exists in the Airspan AirSpot 5410 version 0.3.4.1-4 and prior versions, which originates from an unauthenticated attacker who can overwrite any file on the system or uplo...

PT-2022-23282 · Airspan · Airspan Airspot 5410

Name of the Vulnerable Software and Affected Versions: Airspan AirSpot 5410 version 0.3.4.1-4 and under Description: The issue allows for unauthenticated remote arbitrary file upload, enabling the overwriting of arbitrary files. A malicious actor can upload a file of their choice and overwrite an...

Airspan AirSpot 5410 安全漏洞

The Airspan AirSpot 5410 is an advanced LTE, CAT12, outdoor, multi-service product from Airspan USA. A security vulnerability exists in the Airspan AirSpot 5410 version 0.3.4.1-4 and prior versions, which stems from the binary component /home/www/cgi-bin/diagnostics.cgi that can receive...

Airspan AirSpot 5410 跨站脚本漏洞

The Airspan AirSpot 5410 is an advanced LTE, CAT12, outdoor, multi-service product from Airspan USA. A security vulnerability exists in Airspan AirSpot 5410 version 0.3.4.1-4 and prior versions, which stems from a failure of its binary component /home/www/cgi-bin/login.cgi to check that the user ...