Airspan Airvelocity
7 CVEs affecting Airspan Airvelocity. Latest disclosed: 2022-08-16. Critical: 0, High: 0.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2022-36312 | | 2022-08-16 | Airspan AirVelocity 1500 software version 15.18.00.2511 lacks CSRF protections in the eNodeB's web management UI. This issue may affect other AirVelocity and A… | |
CVE-2022-36311 | | 2022-08-16 | Airspan AirVelocity 1500 prior to software version 15.18.00.2511 is vulnerable to injection leading to XSS in the SNMP community field in the eNodeB's web mana… | |
CVE-2022-36310 | | 2022-08-16 | Airspan AirVelocity 1500 software prior to version 15.18.00.2511 had NET-SNMP-EXTEND-MIB enabled on its snmpd service, enabling an attacker with SNMP write abi… | |
CVE-2022-36309 | | 2022-08-16 | Airspan AirVelocity 1500 software versions prior to 15.18.00.2511 have a root command injection vulnerability in the ActiveBank parameter of the recoverySubmit… | |
CVE-2022-36308 | | 2022-08-16 | Airspan AirVelocity 1500 web management UI displays SNMP credentials in plaintext on software versions older than 15.18.00.2511, and stores SNMPv3 credentials… | |
CVE-2022-36307 | | 2022-08-16 | The AirVelocity 1500 prints SNMP credentials on its physically accessible serial port during boot. This was fixed in AirVelocity 1500 software version 15.18.00… | |
CVE-2022-36306 | | 2022-08-16 | An authenticated attacker can enumerate and download sensitive files, including the eNodeB's web management UI's TLS private key, the web server binary, and th… |