CVE-2022-36312

HIGH

Airspan AirVelocity <15.18.00.2511 - CSRF

Title source: llm
STIX 2.1

Description

Airspan AirVelocity 1500 software version 15.18.00.2511 lacks CSRF protections in the eNodeB's web management UI. This issue may affect other AirVelocity and AirSpeed models.

References (1)

Core 1
Core References
Permissions Required, Vendor Advisory x_refsource_confirm
https://helpdesk.airspan.com/browse/TRN3-1695

Scores

CVSS v3 8.8
EPSS 0.0029
EPSS Percentile 20.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-352
Status published
Products (1)
airspan/airvelocity_1500_firmware 15.18.00.2511
Published Aug 16, 2022
Tracked Since Feb 18, 2026