Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
airspan vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2022-21141
MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 does not perform proper authorization checks on multiple API functions. An attacker may gain access to these functions and achieve remo...
Airspan Mimosa Management Platform
Airspan C6x Firmware
Airspan C5x Firmware
Airspan C5c Firmware
Airspan A5x Firmware
7.5
CVSSv3
CVE-2022-21176
MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 does not properly sanitize user input, which may allow an malicious user to perform a SQL injection and obtain sensitive information.
Airspan Mimosa Management Platform
Airspan C6x Firmware
Airspan C5x Firmware
Airspan C5c Firmware
Airspan A5x Firmware
6.5
CVSSv3
CVE-2022-21800
MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 uses the MD5 algorithm to hash the passwords before storing them but does not salt the hash. As a result, attackers may be able to crac...
Airspan Mimosa Management Platform
Airspan C6x Firmware
Airspan C5x Firmware
Airspan C5c Firmware
Airspan A5x Firmware
7.5
CVSSv3
CVE-2022-0138
MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 has a deserialization function that does not validate or check the data, allowing arbitrary classes to be created.
Airspan Mimosa Management Platform
Airspan C6x Firmware
Airspan C5x Firmware
Airspan C5c Firmware
Airspan A5x Firmware
9.8
CVSSv3
CVE-2022-21215
This vulnerability could allow an malicious user to force the server to create and execute a web request granting access to backend APIs that are only accessible to the Mimosa MMP server, or request pages that could perform some actions themselves. The attacker could force the se...
Airspan Mimosa Management Platform
Airspan C6x Firmware
Airspan C5x Firmware
Airspan C5c Firmware
Airspan A5x Firmware
9.8
CVSSv3
CVE-2022-21143
MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 does not properly sanitize user input on several locations, which may allow an malicious user to inject arbitrary commands.
Airspan Mimosa Management Platform
Airspan C6x Firmware
Airspan C5x Firmware
Airspan C5c Firmware
Airspan A5x Firmware
9.8
CVSSv3
CVE-2022-21196
MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 does not perform proper authorization and authentication checks on multiple API routes. An attacker may gain access to these API routes...
Airspan Mimosa Management Platform
Airspan C6x Firmware
Airspan C5x Firmware
Airspan C5c Firmware
Airspan A5x Firmware
6.5
CVSSv3
CVE-2022-36306
An authenticated attacker can enumerate and download sensitive files, including the eNodeB's web management UI's TLS private key, the web server binary, and the web server configuration file. These vulnerabilities were found in AirVelocity 1500 running software version ...
Airspan Airvelocity 1500 Firmware
6.8
CVSSv3
CVE-2022-36307
The AirVelocity 1500 prints SNMP credentials on its physically accessible serial port during boot. This was fixed in AirVelocity 1500 software version 15.18.00.2511 and may affect other AirVelocity and AirSpeed models.
Airspan Airvelocity 1500 Firmware
9.1
CVSSv3
CVE-2022-36308
Airspan AirVelocity 1500 web management UI displays SNMP credentials in plaintext on software versions older than 15.18.00.2511, and stores SNMPv3 credentials unhashed on the filesystem, enabling anyone with web access to use these credentials to manipulate the eNodeB over SNMP. ...
Airspan Airvelocity 1500 Firmware
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-38028
CVE-2024-32406
CVE-2024-25624
IMAP
CVE-2024-2310
CVE-2024-0874
CVE-2024-20359
XXE
remote code execution
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »