CVE-2022-36265 - Unspecified vulnerability in Airspan Airspot 5410 Firmware 0.3.4.14

CVSS 7.2 - HIGH

Attack vector: NETWORK
Attack complexity: LOW
Privileges required: HIGH
Confidentiality impact: HIGH
Integrity impact: HIGH
Availability impact: HIGH

Summary

Airspan AirSpot 5410 version 0.3.4.1-4 and earlier contains a hidden system command web page. Reverse engineering of the firmware revealed a page, not listed in the administration management interface, that allows a user to execute Linux commands on the device with root privileges. An authenticated malicious threat actor can use this page to fully compromise the device.

Vulnerable Configurations

Part        Description    Count
OS          Airspan        2
Hardware    Airspan        1