Airspan Airspot 5410
Approved changes feed: RSS · Atom
cpe:2.3:h:airspan:airspot_5410:-:*:*:*:*:*:*:*
part: h version: - update: *
| Vendor | Airspan (766899b4-cdae-5171-a209-ec900f41395f) |
|---|---|
| Product | Airspot 5410 (937e5a3f-4c2c-5eca-95a6-bb3968e5abb7) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2022-36267 |
not_vulnerable | 2026-06-03 14:47:39.569145 |
Details available
In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists a Unauthenticated remote command injection vulnerability. The ping functionality can be called without user authentication when crafting a malicious http request by injecting code in one of the parameters allowing for remote code execution. This vulnerability is exploited via the binary file /home/www/cgi-bin/diagnostics.cgi that accepts unauthenticated requests and unsanitized data. As a result, a malicious actor can craft a specific request and interact remotely with the device.
Published: 2022-08-08T14:34:15.000Z
Updated: 2024-08-03T10:00:04.316Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-36266 |
not_vulnerable | 2026-06-03 14:47:39.568810 |
Details available
In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists a stored XSS vulnerability. As the binary file /home/www/cgi-bin/login.cgi does not check if the user is authenticated, a malicious actor can craft a specific request on the login.cgi endpoint that contains a base32 encoded XSS payload that will be accepted and stored. A successful attack will results in the injection of malicious scripts into the user settings page.
Published: 2022-08-08T14:35:29.000Z
Updated: 2024-08-03T10:00:04.483Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-36265 |
not_vulnerable | 2026-06-03 14:47:39.568462 |
Details available
In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists a Hidden system command web page. After performing a reverse engineering of the firmware, it was discovered that a hidden page not listed in the administration management interface allows a user to execute Linux commands on the device with root privileges. An authenticated malicious threat actor can use this page to fully compromise the device.
Published: 2022-08-08T14:36:44.000Z
Updated: 2024-08-03T10:00:04.314Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-36264 |
not_vulnerable | 2026-06-03 14:47:39.568030 |
Details available
In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists an Unauthenticated remote Arbitrary File Upload vulnerability which allows overwriting arbitrary files. A malicious actor can remotely upload a file of their choice and overwrite any file in the system by manipulating the filename and append a relative path that will be interpreted during the upload process. Using this method, it is possible to rewrite any file in the system or upload a new file.
Published: 2022-08-08T14:38:01.000Z
Updated: 2024-08-03T10:00:04.412Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.