HIGH🇬🇧 English

CVE-2022-36312

CVSS 8.8v3.1pub. 2022-08-16upd. 2024-11-21

Airspan AirVelocity 1500 software version 15.18.00.2511 lacks CSRF protections in the eNodeB's web management UI. This issue may affect other AirVelocity and AirSpeed models.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  • Airspan Airvelocity 1500

    HW
    Airspan
    wszystkie wersje
  • Airspan Airvelocity 1500 Firmware

    OS
    Airspan
    15.18.00.2511
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2022-36308CRITICAL9.1ten sam produkt

Airspan AirVelocity 1500 web management UI displays SNMP credentials in plaintext on software versions older t...

CVE-2022-36309HIGH8.8ten sam produkt

Airspan AirVelocity 1500 software versions prior to 15.18.00.2511 have a root command injection vulnerability ...

CVE-2022-36310HIGH8.8ten sam produkt

Airspan AirVelocity 1500 software prior to version 15.18.00.2511 had NET-SNMP-EXTEND-MIB enabled on its snmpd ...

CVE-2022-36306MEDIUM6.5ten sam produkt

An authenticated attacker can enumerate and download sensitive files, including the eNodeB's web management UI...

CVE-2022-36307MEDIUM6.8ten sam produkt

The AirVelocity 1500 prints SNMP credentials on its physically accessible serial port during boot. This was fi...