CVE-2022-36309
HIGH
Airspan AirVelocity <15.18.00.2511 - Command Injection
Title source: llm
Description
Airspan AirVelocity 1500 software versions prior to 15.18.00.2511 have a root command injection vulnerability in the ActiveBank parameter of the recoverySubmit.cgi script running on the eNodeB's web management UI. This issue may affect other AirVelocity and AirSpeed models.
References (2)
Core References
Permissions Required, Vendor Advisory x_refsource_confirm
https://helpdesk.airspan.com/browse/TRN3-1690
Exploit, Third Party Advisory x_refsource_misc
https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-p295-2jh6-g6g4
Scores
CVSS v3
8.8
EPSS
0.2407
EPSS Percentile
97.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-78
Status
published
Products (1)
airspan/airvelocity_1500_firmware
9.3.0.01249 - 15.18.00.2511
Published
Aug 16, 2022
Tracked Since
Feb 18, 2026