Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
9.8
CVSSv3

CVE-2022-36267

Published: 08/08/2022 Updated: 08/08/2023
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 0

Vulnerability Summary

In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists a Unauthenticated remote command injection vulnerability. The ping functionality can be called without user authentication when crafting a malicious http request by injecting code in one of the parameters allowing for remote code execution. This vulnerability is exploited via the binary file /home/www/cgi-bin/diagnostics.cgi that accepts unauthenticated requests and unsanitized data. As a result, a malicious actor can craft a specific request and interact remotely with the device.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

airspan airspot_5410_firmware

Exploits

Exploit DB: AirSpot 5410 0.3.4.1-4 Remote Command Injection
AirSpot 5410 versions 0341-4 and below suffer from an unauthenticated remote command injection vulnerability ...

Github Repositories

https://github.com/0xNslabs/CVE-2022-36267-PoC

PoC Script for CVE-2022-36267: Exploits an unauthenticated remote command injection vulnerability in Airspan AirSpot 5410 antenna.

CVE-2022-36267 - Airspan AirSpot 5410 Unauthenticated Remote Command Injection Overview This repository contains a Proof of Concept (PoC) reverse shell script for exploiting CVE-2022-36267, a critical vulnerability in Airspan AirSpot 5410 devices The script is a practical demonstration, complementing the in-depth analysis provided in the blog post "Airspan AirSpot 5410 -

References

NVD-CWE-Otherhttps://gist.github.com/Nwqda/e82b3155401b094372195fdaa9b54833https://wdi.rfwel.com/cdn/techdocs/AirSpot5410.pdfhttp://packetstormsecurity.com/files/168047/AirSpot-5410-0.3.4.1-4-Remote-Command-Injection.htmlhttps://nvd.nist.govhttps://github.com/0xNslabs/CVE-2022-36267-PoChttps://packetstormsecurity.com/files/168047/AirSpot-5410-0.3.4.1-4-Remote-Command-Injection.html
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
spoofCVE-2024-34928CVE-2024-5291deserializationCVE-2024-4471CVE-2024-4956CVE-2024-32002CVE-2024-5227unspecified
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook