Vulnerability Details CVE-2022-36309
Airspan AirVelocity 1500 software versions prior to 15.18.00.2511 have a root command injection vulnerability in the ActiveBank parameter of the recoverySubmit.cgi script running on the eNodeB's web management UI. This issue may affect other AirVelocity and AirSpeed models.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.477
EPSS Ranking 97.6%
CVSS Severity
CVSS v3 Score 8.8
References
Products affected by CVE-2022-36309
-
cpe:2.3:h:airspan:airvelocity_1500:-
-
cpe:2.3:o:airspan:airvelocity_1500_firmware:15.18.00.2511
-
cpe:2.3:o:airspan:airvelocity_1500_firmware:9.3.0.01249