CSRF in Airspan Airvelocity

CVE-2022-36312

Airspan AirVelocity 1500 software version 15.18.00.2511 lacks CSRF protections in the eNodeB's web management UI. This issue may affect other AirVelocity and AirSpeed models.

Vulnerability class: CSRF (Cross-Site Request Forgery)

EPSS: 0.001 (34.1th percentile) — read the EPSS interpretation.

Affected products

Airspan Airvelocity — versions unspecified

Weakness classification (CWE)

CWE-352 — Cross-Site Request Forgery (CSRF)

References

helpdesk.airspan.com/browse/TRN3-1695 (x_refsource_CONFIRM)