CVE-2022-36267

CRITICAL EXPLOITED IN THE WILD

Airspan AirSpot 5410 <0.3.4.1-4 - Command Injection

Title source: llm

Exploitation Summary

CVE-2022-36267 has been observed exploited in the wild (reported by VulnCheck KEV, InTheWild.io). EIP tracks 2 public exploits from researchers including Samy Younsi, 0xNslabs.

AI-analyzed exploit summary This exploit leverages an unauthenticated remote command injection vulnerability in Airspan AirSpot 5410 devices via the diagnostics.cgi endpoint. It executes a reverse shell payload by injecting a command into the targetIP parameter.

Description

In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists a Unauthenticated remote command injection vulnerability. The ping functionality can be called without user authentication when crafting a malicious http request by injecting code in one of the parameters allowing for remote code execution. This vulnerability is exploited via the binary file /home/www/cgi-bin/diagnostics.cgi that accepts unauthenticated requests and unsanitized data. As a result, a malicious actor can craft a specific request and interact remotely with the device.

Exploits (2)

exploitdb WORKING POC

by Samy Younsi · pythonremotelinux

https://www.exploit-db.com/exploits/51011

View Code ZIP pw:eip

This exploit leverages an unauthenticated remote command injection vulnerability in Airspan AirSpot 5410 devices via the diagnostics.cgi endpoint. It executes a reverse shell payload by injecting a command into the targetIP parameter.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Airspan AirSpot 5410 version 0.3.4.1-4 and under

No auth needed

Prerequisites: Target device must be reachable on the specified port (default 443) · Attacker must have a listener set up on the specified LHOST and LPORT

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

nomisec WORKING POC 10 stars

by 0xNslabs · remote

https://github.com/0xNslabs/CVE-2022-36267-PoC

View Code ZIP pw:eip

This repository contains a functional Python script that exploits an unauthenticated remote command injection vulnerability (CVE-2022-36267) in Airspan AirSpot 5410 devices. The exploit sends a crafted HTTP POST request to the diagnostics.cgi endpoint, injecting a reverse shell payload via the 'targetIP' parameter.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Airspan AirSpot 5410 (versions 0.3.4.1-4 and under)

No auth needed

Prerequisites: Network access to the target device's web interface (port 443 by default) · A listener set up on the attacker's machine to receive the reverse shell

MITRE ATT&CK

T1189 - Drive-by Compromise T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (3)

Core 3

Core References

Exploit, Mitigation, Third Party Advisory x_refsource_misc

https://gist.github.com/Nwqda/e82b3155401b094372195fdaa9b54833

Product, Third Party Advisory x_refsource_misc

https://wdi.rfwel.com/cdn/techdocs/AirSpot5410.pdf

Exploit, Third Party Advisory x_refsource_misc

http://packetstormsecurity.com/files/168047/AirSpot-5410-0.3.4.1-4-Remote-Command-Injection.html

Scores

CVSS v3 9.8

EPSS 0.7023

EPSS Percentile 98.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

VulnCheck KEV 2023-02-15

InTheWild.io 2023-02-15

Status published

Products (1)

airspan/airspot_5410_firmware < 0.3.4.1-4

Published Aug 08, 2022

Tracked Since Feb 18, 2026