Airspan AirVelocity 1500 software version 15.18.00.2511 lacks CSRF protections in the eNodeB's web management UI. This issue may affect other AirVelocity and AirSpeed models.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HAirspan Airvelocity 1500
HWAirspanwszystkie wersjeAirspan Airvelocity 1500 Firmware
OSAirspan15.18.00.2511
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Related vulnerabilities
CVE-2022-36308CRITICAL9.1ten sam produkt
Airspan AirVelocity 1500 web management UI displays SNMP credentials in plaintext on software versions older t...
CVE-2022-36309HIGH8.8ten sam produkt
Airspan AirVelocity 1500 software versions prior to 15.18.00.2511 have a root command injection vulnerability ...
CVE-2022-36310HIGH8.8ten sam produkt
Airspan AirVelocity 1500 software prior to version 15.18.00.2511 had NET-SNMP-EXTEND-MIB enabled on its snmpd ...
CVE-2022-36306MEDIUM6.5ten sam produkt
An authenticated attacker can enumerate and download sensitive files, including the eNodeB's web management UI...
CVE-2022-36307MEDIUM6.8ten sam produkt
The AirVelocity 1500 prints SNMP credentials on its physically accessible serial port during boot. This was fi...