Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
airspan vulnerabilities and exploits
(subscribe to this query)
4
CVSSv2
CVE-2022-21800
MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 uses the MD5 algorithm to hash the passwords before storing them but does not salt the hash. As a result, attackers may be able to crac...
Airspan Mimosa Management Platform
Airspan C6x Firmware
Airspan C5x Firmware
Airspan C5c Firmware
Airspan A5x Firmware
10
CVSSv2
CVE-2022-21141
MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 does not perform proper authorization checks on multiple API functions. An attacker may gain access to these functions and achieve remo...
Airspan Mimosa Management Platform
Airspan C6x Firmware
Airspan C5x Firmware
Airspan C5c Firmware
Airspan A5x Firmware
10
CVSSv2
CVE-2022-21143
MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 does not properly sanitize user input on several locations, which may allow an malicious user to inject arbitrary commands.
Airspan Mimosa Management Platform
Airspan C6x Firmware
Airspan C5x Firmware
Airspan C5c Firmware
Airspan A5x Firmware
5
CVSSv2
CVE-2022-21176
MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 does not properly sanitize user input, which may allow an malicious user to perform a SQL injection and obtain sensitive information.
Airspan Mimosa Management Platform
Airspan C6x Firmware
Airspan C5x Firmware
Airspan C5c Firmware
Airspan A5x Firmware
10
CVSSv2
CVE-2022-21196
MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 does not perform proper authorization and authentication checks on multiple API routes. An attacker may gain access to these API routes...
Airspan Mimosa Management Platform
Airspan C6x Firmware
Airspan C5x Firmware
Airspan C5c Firmware
Airspan A5x Firmware
5
CVSSv2
CVE-2022-0138
MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 has a deserialization function that does not validate or check the data, allowing arbitrary classes to be created.
Airspan Mimosa Management Platform
Airspan C6x Firmware
Airspan C5x Firmware
Airspan C5c Firmware
Airspan A5x Firmware
10
CVSSv2
CVE-2022-21215
This vulnerability could allow an malicious user to force the server to create and execute a web request granting access to backend APIs that are only accessible to the Mimosa MMP server, or request pages that could perform some actions themselves. The attacker could force the se...
Airspan Mimosa Management Platform
Airspan C6x Firmware
Airspan C5x Firmware
Airspan C5c Firmware
Airspan A5x Firmware
NA
CVE-2022-36266
In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists a stored XSS vulnerability. As the binary file /home/www/cgi-bin/login.cgi does not check if the user is authenticated, a malicious actor can craft a specific request on the login.cgi endpoint that contains a base32...
Airspan Airspot 5410 Firmware
NA
CVE-2022-36267
In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists a Unauthenticated remote command injection vulnerability. The ping functionality can be called without user authentication when crafting a malicious http request by injecting code in one of the parameters allowing f...
Airspan Airspot 5410 Firmware
1 Github repository
NA
CVE-2022-36306
An authenticated attacker can enumerate and download sensitive files, including the eNodeB's web management UI's TLS private key, the web server binary, and the web server configuration file. These vulnerabilities were found in AirVelocity 1500 running software version ...
Airspan Airvelocity 1500 Firmware
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »