41 matches found
EUVD-2022-38984
Malicious code in bioql PyPI...
EUVD-2022-38983
Malicious code in bioql PyPI...
EUVD-2022-38982
Malicious code in bioql PyPI...
CVE-2022-36265
In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists a Hidden system command web page. After performing a reverse engineering of the firmware, it was discovered that a hidden page not listed in the administration management interface allows a user to execute Linux commands on the devi...
CVE-2022-36267
In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists a Unauthenticated remote command injection vulnerability. The ping functionality can be called without user authentication when crafting a malicious http request by injecting code in one of the parameters allowing for remote code...
CVE-2022-36264
In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists an Unauthenticated remote Arbitrary File Upload vulnerability which allows overwriting arbitrary files. A malicious actor can remotely upload a file of their choice and overwrite any file in the system by manipulating the filename a...
Exploit for CVE-2022-36267
CVE-2022-36267 - Airspan AirSpot 5410 Unauthenticated Remote C...
New Mirai Botnet Variant 'V3G4' Exploiting 13 Flaws to Target Linux and IoT Devices
A new variant of the notorious Mirai botnet has been found leveraging several security vulnerabilities to propagate itself to Linux and IoT devices. Observed during the second half of 2022, the new version has been dubbed V3G4 by Palo Alto Networks Unit 42, which identified three different...
VulnCheck KEV: CVE-2022-36267
In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists a Unauthenticated remote command injection vulnerability. The ping functionality can be called without user authentication when crafting a malicious http request by injecting code in one of the parameters allowing for remote code...
Airspan AirSpot 5410 Command Injection (CVE-2022-36267)
A command injection vulnerability exists in Airspan AirSpot 5410. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
Airspan AirSpot pingDiagnostic command injection
Added: 09/27/2022 Background Airspan AirSpot 5410 is an advanced, LTE, CAT12, outdoor, multi-service product specifically designed to meet data needs for residential, business and enterprise users. Problem A command injection vulnerability when diagnostics.cgi handles the pingDiagnostic command...
Airspan AirSpot pingDiagnostic command injection
Added: 09/27/2022 Background Airspan AirSpot 5410 is an advanced, LTE, CAT12, outdoor, multi-service product specifically designed to meet data needs for residential, business and enterprise users. Problem A command injection vulnerability when diagnostics.cgi handles the pingDiagnostic command...
Airspan AirSpot 5410 version 0.3.4.1 - Remote Code Execution (RCE)
Exploit Title: Airspan AirSpot 5410 version 0.3.4.1 - Remote Code Execution RCE Date: 7/26/2022 Exploit Author: Samy Younsi NSLABS https://samy.link Vendor Homepage: https://www.airspan.com/ Software Link: https://wdi.rfwel.com/cdn/techdocs/AirSpot5410.pdf Version: 0.3.4.1-4 and under. Tested on:...
CVE-2022-36267
In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists a Unauthenticated remote command injection vulnerability. The ping functionality can be called without user authentication when crafting a malicious http request by injecting code in one of the parameters allowing for remote code...
CVE-2022-36267
In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists a Unauthenticated remote command injection vulnerability. The ping functionality can be called without user authentication when crafting a malicious http request by injecting code in one of the parameters allowing for remote code...
CVE-2022-36267
In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists a Unauthenticated remote command injection vulnerability. The ping functionality can be called without user authentication when crafting a malicious http request by injecting code in one of the parameters allowing for remote code...
CVE-2022-36266
In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists a stored XSS vulnerability. As the binary file /home/www/cgi-bin/login.cgi does not check if the user is authenticated, a malicious actor can craft a specific request on the login.cgi endpoint that contains a base32 encoded XSS...
CVE-2022-36265
In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists a Hidden system command web page. After performing a reverse engineering of the firmware, it was discovered that a hidden page not listed in the administration management interface allows a user to execute Linux commands on the devi...
CVE-2022-36266
In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists a stored XSS vulnerability. As the binary file /home/www/cgi-bin/login.cgi does not check if the user is authenticated, a malicious actor can craft a specific request on the login.cgi endpoint that contains a base32 encoded XSS...
CVE-2022-36264
In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists an Unauthenticated remote Arbitrary File Upload vulnerability which allows overwriting arbitrary files. A malicious actor can remotely upload a file of their choice and overwrite any file in the system by manipulating the filename a...