8 matches found
CVE-2022-36264
In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists an Unauthenticated remote Arbitrary File Upload vulnerability which allows overwriting arbitrary files. A malicious actor can remotely upload a file of their choice and overwrite any file in the system by manipulating the filename a...
CVE-2022-36264
In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists an Unauthenticated remote Arbitrary File Upload vulnerability which allows overwriting arbitrary files. A malicious actor can remotely upload a file of their choice and overwrite any file in the system by manipulating the filename a...
Cross site scripting
In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists a stored XSS vulnerability. As the binary file /home/www/cgi-bin/login.cgi does not check if the user is authenticated, a malicious actor can craft a specific request on the login.cgi endpoint that contains a base32 encoded XSS...
Design/Logic Flaw
In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists a Hidden system command web page. After performing a reverse engineering of the firmware, it was discovered that a hidden page not listed in the administration management interface allows a user to execute Linux commands on the devi...
Airspan AirSpot 5410 代码问题漏洞
The Airspan AirSpot 5410 is an advanced LTE, CAT12, outdoor, multi-service product from Airspan USA. A security vulnerability exists in the Airspan AirSpot 5410 version 0.3.4.1-4 and prior versions, which originates from an unauthenticated attacker who can overwrite any file on the system or uplo...
Airspan AirSpot 5410 跨站脚本漏洞
The Airspan AirSpot 5410 is an advanced LTE, CAT12, outdoor, multi-service product from Airspan USA. A security vulnerability exists in Airspan AirSpot 5410 version 0.3.4.1-4 and prior versions, which stems from a failure of its binary component /home/www/cgi-bin/login.cgi to check that the user ...
PT-2022-23282 · Airspan · Airspan Airspot 5410
Name of the Vulnerable Software and Affected Versions: Airspan AirSpot 5410 version 0.3.4.1-4 and under Description: The issue allows for unauthenticated remote arbitrary file upload, enabling the overwriting of arbitrary files. A malicious actor can upload a file of their choice and overwrite an...
Airspan AirSpot 5410 安全漏洞
The Airspan AirSpot 5410 is an advanced LTE, CAT12, outdoor, multi-service product from Airspan USA. A security vulnerability exists in the Airspan AirSpot 5410 version 0.3.4.1-4 and prior versions, which stems from the binary component /home/www/cgi-bin/diagnostics.cgi that can receive...