CVE-2008-1262
published 2008-03-10
Priority P356 · critical · 10 · CVSS 2.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 8.53% (94.4th percentile)
The administration panel on the Airspan WiMax ProST 4.1 antenna with 6.5.38.0 software does not verify authentication credentials, which allows remote attackers to (1) upload malformed firmware or (2) bind the antenna to a different WiMAX base station via unspecified requests to forms under process_adv/.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| airspan | wimax_prost | — | — |
Detection & IOCs
- Authentication bypass is triggered via a POST request to /process_adv/ with the body 'DialogText=&Advanced=1', bypassing web interface authentication on Airspan ProST WiMAX devices.
- Monitor for unauthenticated POST requests to /process_adv/ on web interfaces of Airspan ProST WiMAX devices, particularly with Content-Type: application/x-www-form-urlencoded and body containing 'Advanced=1'.
- The exploit targets the device at the default/common IP 10.0.0.1; detections should account for this default management IP in network monitoring rules.
GHSA
GHSA-9wvh-j589-qmr7 · ghsa_unreviewed · 2022-05-01
CVE-2008-1262 [HIGH] CWE-287
The administration panel on the Airspan WiMax ProST 4.1 antenna with 6.5.38.0 software does not verify authentication credentials, which allows remote attackers to (1) upload malformed firmware or (2) bind the antenna to a different WiMAX base station via unspecified requests to forms under process_adv/.
GHSA
GHSA-m7vg-gwqc-x898 · ghsa_unreviewed · 2022-05-01 · CVSS 10.0
CVE-2008-1543 [CRITICAL]
The Advanced User Interface Pages in the ProST Web Management component on the Airspan WiMAX ProST have a certain default User ID and password, which makes it easier for remote attackers to obtain partial administrative access, a different vulnerability than CVE-2008-1262.
GHSA
GHSA-79rm-vj4g-8558 · ghsa_unreviewed · 2022-05-01 · CVSS 10.0
CVE-2008-1542 [CRITICAL]
Airspan Base Station Distribution Unit (BSDU) has "topsecret" as its password for the root account, which allows remote attackers to obtain administrative access via a telnet login, a different vulnerability than CVE-2008-1262.
No detection rules found.
No writeups or analysis indexed.
- http://airspan4wimax.googlepages.com/
- http://secunia.com/advisories/29265
- http://www.0x000000.com/?i=524
- http://www.gnucitizen.org/projects/router-hacking-challenge/
- http://www.kb.cert.org/vuls/id/248372
- http://www.securityfocus.com/archive/1/489009/100/0/threaded
- http://www.securityfocus.com/bid/28122
- http://www.sharemethods.net/nepal/servlet/open?keeppath=false&aid=29820
- http://www.vupen.com/english/advisories/2008/0802/references
- https://exchange.xforce.ibmcloud.com/vulnerabilities/41052