Vulnerability Details CVE-2022-36264
In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists an Unauthenticated remote Arbitrary File Upload vulnerability which allows overwriting arbitrary files. A malicious actor can remotely upload a file of their choice and overwrite any file in the system by manipulating the filename and append a relative path that will be interpreted during the upload process. Using this method, it is possible to rewrite any file in the system or upload a new file.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 64.7%
CVSS Severity
CVSS v3 Score 9.1
References
Products affected by CVE-2022-36264
-
cpe:2.3:h:airspan:airspot_5410:-
-
cpe:2.3:o:airspan:airspot_5410_firmware:-
-
cpe:2.3:o:airspan:airspot_5410_firmware:0.3.4.1-4