Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
airspan vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv3
CVE-2022-21800
MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 uses the MD5 algorithm to hash the passwords before storing them but does not salt the hash. As a result, attackers may be able to crac...
Airspan Mimosa Management Platform
Airspan C6x Firmware
Airspan C5x Firmware
Airspan C5c Firmware
Airspan A5x Firmware
7.5
CVSSv3
CVE-2022-0138
MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 has a deserialization function that does not validate or check the data, allowing arbitrary classes to be created.
Airspan Mimosa Management Platform
Airspan C6x Firmware
Airspan C5x Firmware
Airspan C5c Firmware
Airspan A5x Firmware
9.8
CVSSv3
CVE-2022-21141
MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 does not perform proper authorization checks on multiple API functions. An attacker may gain access to these functions and achieve remo...
Airspan Mimosa Management Platform
Airspan C6x Firmware
Airspan C5x Firmware
Airspan C5c Firmware
Airspan A5x Firmware
9.8
CVSSv3
CVE-2022-21143
MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 does not properly sanitize user input on several locations, which may allow an malicious user to inject arbitrary commands.
Airspan Mimosa Management Platform
Airspan C6x Firmware
Airspan C5x Firmware
Airspan C5c Firmware
Airspan A5x Firmware
7.5
CVSSv3
CVE-2022-21176
MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 does not properly sanitize user input, which may allow an malicious user to perform a SQL injection and obtain sensitive information.
Airspan Mimosa Management Platform
Airspan C6x Firmware
Airspan C5x Firmware
Airspan C5c Firmware
Airspan A5x Firmware
9.8
CVSSv3
CVE-2022-21196
MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 does not perform proper authorization and authentication checks on multiple API routes. An attacker may gain access to these API routes...
Airspan Mimosa Management Platform
Airspan C6x Firmware
Airspan C5x Firmware
Airspan C5c Firmware
Airspan A5x Firmware
9.8
CVSSv3
CVE-2022-21215
This vulnerability could allow an malicious user to force the server to create and execute a web request granting access to backend APIs that are only accessible to the Mimosa MMP server, or request pages that could perform some actions themselves. The attacker could force the se...
Airspan Mimosa Management Platform
Airspan C6x Firmware
Airspan C5x Firmware
Airspan C5c Firmware
Airspan A5x Firmware
9.1
CVSSv3
CVE-2022-36264
In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists an Unauthenticated remote Arbitrary File Upload vulnerability which allows overwriting arbitrary files. A malicious actor can remotely upload a file of their choice and overwrite any file in the system by manipulati...
Airspan Airspot 5410 Firmware
7.2
CVSSv3
CVE-2022-36265
In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists a Hidden system command web page. After performing a reverse engineering of the firmware, it exists that a hidden page not listed in the administration management interface allows a user to execute Linux commands on...
Airspan Airspot 5410 Firmware
6.1
CVSSv3
CVE-2022-36266
In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists a stored XSS vulnerability. As the binary file /home/www/cgi-bin/login.cgi does not check if the user is authenticated, a malicious actor can craft a specific request on the login.cgi endpoint that contains a base32...
Airspan Airspot 5410 Firmware
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
SSTI
CVE-2024-35863
CVE-2024-35910
man-in-the-middle
CVE-2024-35912
CVE-2024-25742
LFI
CVE-2024-32002
CVE-2024-22120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »