Airspan AirVelocity 1500

Submit a proposal Propose CVE/GCVE/GHSA reference

Approved changes feed: RSS · Atom

cpe:2.3:h:airspan:airvelocity_1500:-:*:*:*:*:*:*:*

part: h version: - update: *

VendorAirspan (766899b4-cdae-5171-a209-ec900f41395f)
ProductAirvelocity 1500 (9e1ab0dc-f831-5c51-83b0-fbddf60ae877)
Edition*
Language*
Software edition*
Target software*
Target hardware*
Other*
NotesImported from NVD CPE 2.0 feed

PURL mappings

PURLSourceLast updated
No PURL mappings for this CPE yet.

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2022-36312 not_vulnerable 2026-06-03 14:47:39.628103 Details available
Airspan AirVelocity 1500 software version 15.18.00.2511 lacks CSRF protections in the eNodeB's web management UI. This issue may affect other AirVelocity and AirSpeed models.
Published: 2022-08-16T00:34:33.000Z
Updated: 2024-08-03T10:00:04.350Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2022-36311 not_vulnerable 2026-06-03 14:47:39.625704 Details available
Airspan AirVelocity 1500 prior to software version 15.18.00.2511 is vulnerable to injection leading to XSS in the SNMP community field in the eNodeB's web management UI. This issue may affect other AirVelocity and AirSpeed models.
Published: 2022-08-16T00:34:12.000Z
Updated: 2024-08-03T10:00:04.384Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2022-36310 not_vulnerable 2026-06-03 14:47:39.625409 Details available
Airspan AirVelocity 1500 software prior to version 15.18.00.2511 had NET-SNMP-EXTEND-MIB enabled on its snmpd service, enabling an attacker with SNMP write abilities to execute commands as root on the eNodeB. This issue may affect other AirVelocity and AirSpeed models.
Published: 2022-08-16T00:33:45.000Z
Updated: 2024-08-03T10:00:04.322Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2022-36309 not_vulnerable 2026-06-03 14:47:39.625084 Details available
Airspan AirVelocity 1500 software versions prior to 15.18.00.2511 have a root command injection vulnerability in the ActiveBank parameter of the recoverySubmit.cgi script running on the eNodeB's web management UI. This issue may affect other AirVelocity and AirSpeed models.
Published: 2022-08-16T00:33:24.000Z
Updated: 2024-08-03T10:00:04.309Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2022-36308 not_vulnerable 2026-06-03 14:47:39.624776 Details available
Airspan AirVelocity 1500 web management UI displays SNMP credentials in plaintext on software versions older than 15.18.00.2511, and stores SNMPv3 credentials unhashed on the filesystem, enabling anyone with web access to use these credentials to manipulate the eNodeB over SNMP. This issue may affect other AirVelocity and AirSpeed models.
Published: 2022-08-16T00:32:57.000Z
Updated: 2024-08-03T10:00:04.241Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2022-36307 not_vulnerable 2026-06-03 14:47:39.624441 Details available
The AirVelocity 1500 prints SNMP credentials on its physically accessible serial port during boot. This was fixed in AirVelocity 1500 software version 15.18.00.2511 and may affect other AirVelocity and AirSpeed models.
Published: 2022-08-16T00:32:34.000Z
Updated: 2024-08-03T10:00:04.239Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2022-36306 not_vulnerable 2026-06-03 14:47:39.623998 Details available
An authenticated attacker can enumerate and download sensitive files, including the eNodeB's web management UI's TLS private key, the web server binary, and the web server configuration file. These vulnerabilities were found in AirVelocity 1500 running software version 9.3.0.01249, were still present in 15.18.00.2511, and may affect other AirVelocity and AirSpeed models.
Published: 2022-08-16T00:32:07.000Z
Updated: 2024-08-03T10:00:04.280Z
Reference links
Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.