In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists a Hidden system command web page. After performing a reverse engineering of the firmware, it exists that a hidden page not listed in the administration management interface allows a user to execute Linux commands on the device with root privileges. An authenticated malicious threat actor can use this page to fully compromise the device.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
airspan airspot_5410_firmware |