cbcvebase.
CVE-2008-1262
published 2008-03-10

CVE-2008-1262: The administration panel on the Airspan WiMax ProST 4.1 antenna with 6.5.38.0 software does not verify authentication credentials, which allows remote…

PriorityP356critical10CVSS 2.0
AVNACLAuNCCICAC
EXPLOIT
EPSS
8.53%
94.4th percentile
The administration panel on the Airspan WiMax ProST 4.1 antenna with 6.5.38.0 software does not verify authentication credentials, which allows remote attackers to (1) upload malformed firmware or (2) bind the antenna to a different WiMAX base station via unspecified requests to forms under process_adv/.

Affected

1 ranges
VendorProductVersion rangeFixed in
airspanwimax_prost

Detection & IOCsextracted from sources · hover to see the quote

urlPOST /process_adv/
commandDialogText=&Advanced=1
path/process_adv/
  • Authentication bypass is triggered via a POST request to /process_adv/ with the body 'DialogText=&Advanced=1', bypassing web interface authentication on Airspan ProST WiMAX devices.
  • Monitor for unauthenticated POST requests to /process_adv/ on web interfaces of Airspan ProST WiMAX devices, particularly with Content-Type: application/x-www-form-urlencoded and body containing 'Advanced=1'.
  • ·The exploit targets the device at the default/common IP 10.0.0.1; detections should account for this default management IP in network monitoring rules.
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.