CVE-2022-36309
published 2022-08-16

CVE-2022-36309: Airspan AirVelocity 1500 software versions prior to 15.18.00.2511 have a root command injection vulnerability in the ActiveBank parameter of the…

Priority: P271, high, 8.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 24.07% (97.6th percentile)
Airspan AirVelocity 1500 software versions prior to 15.18.00.2511 have a root command injection vulnerability in the ActiveBank parameter of the recoverySubmit.cgi script running on the eNodeB's web management UI. This issue may affect other AirVelocity and AirSpeed models.

Affected

2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| airspan | airvelocity | >= unspecified < 15.18.00.2511 | 15.18.00.2511 |
| airspan | airvelocity_1500_firmware | 9.3.0.01249 – 15.18.00.2511 | |