VYPR

AirSpot 5410

by Airspan

CVEs (4)

  • CVE-2022-36267Aug 8, 2022
    risk 0.09cvss epss 0.54

    In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists a Unauthenticated remote command injection vulnerability. The ping functionality can be called without user authentication when crafting a malicious http request by injecting code in one of the parameters allowing…

  • CVE-2022-36264Aug 8, 2022
    risk 0.00cvss epss 0.01

    In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists an Unauthenticated remote Arbitrary File Upload vulnerability which allows overwriting arbitrary files. A malicious actor can remotely upload a file of their choice and overwrite any file in the system by…

  • CVE-2022-36265Aug 8, 2022
    risk 0.00cvss epss 0.01

    In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists a Hidden system command web page. After performing a reverse engineering of the firmware, it was discovered that a hidden page not listed in the administration management interface allows a user to execute Linux…

  • CVE-2022-36266Aug 8, 2022
    risk 0.00cvss epss 0.01

    In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists a stored XSS vulnerability. As the binary file /home/www/cgi-bin/login.cgi does not check if the user is authenticated, a malicious actor can craft a specific request on the login.cgi endpoint that contains a…