CVE-2022-36307

MEDIUM

AirVelocity 1500 - Info Disclosure

Title source: llm

Description

The AirVelocity 1500 prints SNMP credentials on its physically accessible serial port during boot. This was fixed in AirVelocity 1500 software version 15.18.00.2511 and may affect other AirVelocity and AirSpeed models.

References (2)

[Third Party Advisory] https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-8j75-qh6c-wpc5

[Permissions Required, Vendor Advisory] https://helpdesk.airspan.com/browse/TRN3-1693

Scores

CVSS v3 6.8

EPSS 0.0014

EPSS Percentile 33.7%

Attack Vector PHYSICAL

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-522

Status published

Affected Products (1)

airspan/airvelocity_1500_firmware < 15.18.00.2511

Timeline

Published Aug 16, 2022

Tracked Since Feb 18, 2026