Exploit for #VU72384 OS Command Injection in Airspan AirSpot 5410

Exploit for #VU72384 OS Command Injection in Airspan AirSpot 5410

Published: 2023-02-20 | Updated: 2024-01-09

Vulnerability identifier: #VU72384

Vulnerability risk: Critical

CVSSv3.1: 9.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C]

CVE-ID: CVE-2022-36267

CWE-ID: CWE-78

Exploitation vector: Network

Exploits in database: 3

January 9, 2024
- CVE-2022-36267-PoC (PoC Script for CVE-2022-36267: Exploits an unauthenticated remote command injection vulnerability in Airspan AirSpot 5410 antenna.) [Github]
February 20, 2023
- Airspan AirSpot 5410 version 0.3.4.1 - Remote Code Execution (RCE) [Exploit-DB]
- AirSpot 5410 0.3.4.1-4 Remote Command Injection [Packet Storm]

Impact: Code execution

Vulnerable software:
Airspan AirSpot 5410
Hardware solutions / Routers & switches, VoIP, GSM, etc

Vendor: Airspan Networks