What is CVE-2022-36267?

CVE-2022-36267 is a vulnerability in N/a. Published 2022-08-08.

Is CVE-2022-36267 known to be exploited?

3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2022-36267

In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists a Unauthenticated remote command injection vulnerability. The ping functionality can be called without user authentication when crafting a malicious http request by injecting…

EPSS: 0.702 (98.7th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

0xNslabs/CVE-2022-36267-PoC
ARPSyndicate/cvemon
nomi-sec/PoC-in-GitHub

References

gist.github.com/Nwqda/e82b3155401b094372195fdaa9b54833 (x_refsource_MISC)
wdi.rfwel.com/cdn/techdocs/AirSpot5410.pdf (x_refsource_MISC)
packetstormsecurity.com/files/168047/AirSpot-5410-0.3.4.1-4-Remote-Command-Inje… (x_refsource_MISC)

Frequently asked questions

What is CVE-2022-36267?: CVE-2022-36267 is a vulnerability in N/a. Published 2022-08-08.
Is CVE-2022-36267 known to be exploited?: 3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.