CVE-2022-36307
MEDIUMAirVelocity 1500 Firmware 9.3.0.01249-15.18.00.2511 - Insufficiently Protected SNMP Credentials via Serial Port
Title source: llmDescription
The AirVelocity 1500 prints SNMP credentials on its physically accessible serial port during boot. This was fixed in AirVelocity 1500 software version 15.18.00.2511 and may affect other AirVelocity and AirSpeed models.
References (2)
Core 2
Core References
Permissions Required, Vendor Advisory x_refsource_confirm
https://helpdesk.airspan.com/browse/TRN3-1693
Third Party Advisory x_refsource_misc
https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-8j75-qh6c-wpc5
Scores
CVSS v3
6.8
EPSS
0.0029
EPSS Percentile
20.5%
Attack Vector
PHYSICAL
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-522
Status
published
Products (1)
airspan/airvelocity_1500_firmware
9.3.0.01249 - 15.18.00.2511
Published
Aug 16, 2022
Tracked Since
Feb 18, 2026