CVE-2022-36267 - Vulnerability Details - OpenCVE

Description

In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists a Unauthenticated remote command injection vulnerability. The ping functionality can be called without user authentication when crafting a malicious http request by injecting code in one of the parameters allowing for remote code execution. This vulnerability is exploited via the binary file /home/www/cgi-bin/diagnostics.cgi that accepts unauthenticated requests and unsanitized data. As a result, a malicious actor can craft a specific request and interact remotely with the device.

Published: 2022-08-08

Score: 9.8 Critical

EPSS: 70.2% High

KEV: No

Impact:

Action:

Analysis

No analysis available yet.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

n/a

n/a

affected

Version	Status	Constraints
`n/a`	affected	—

Configuration 1 [-]

AND

cpe:2.3:o:airspan:airspot_5410_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:airspan:airspot_5410:-:*:*:*:*:*:*:*

No data.

No data available yet.

Remediation

No remediation available yet.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.7023.

Key SSVC decision points have not yet been added.

References

Link	Providers
http://packetstormsecurity.com/files/168047/AirSpot-5410-0.3.4.1-4-Remote-Command-Injection.html
https://gist.github.com/Nwqda/e82b3155401b094372195fdaa9b54833
https://wdi.rfwel.com/cdn/techdocs/AirSpot5410.pdf

History

No history.

Subscriptions

Airspan Airspot 5410 Airspot 5410 Firmware

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2022-08-08T14:34:15.000Z

Updated: 2024-08-03T10:00:04.316Z

Reserved: 2022-07-18T00:00:00.000Z

Link: CVE-2022-36267

Vulnrichment

No data.

NVD

Status : Modified

Published: 2022-08-08T15:15:09.083

Modified: 2024-11-21T07:12:41.500

Link: CVE-2022-36267

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

NVD-CWE-Other

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists a Unauthenticated remote command injection vulnerability. The ping functionality can be called without user authentication when crafting a malicious http request by injecting code in one of the parameters allowing for remote code execution. This vulnerability is exploited via the binary file /home/www/cgi-bin/diagnostics.cgi that accepts unauthenticated requests and unsanitized data. As a result, a malicious actor can craft a specific request and interact remotely with the device."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-08-10T17:06:27.000Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://gist.github.com/Nwqda/e82b3155401b094372195fdaa9b54833"}, {"tags": ["x_refsource_MISC"], "url": "https://wdi.rfwel.com/cdn/techdocs/AirSpot5410.pdf"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/168047/AirSpot-5410-0.3.4.1-4-Remote-Command-Injection.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2022-36267", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists a Unauthenticated remote command injection vulnerability. The ping functionality can be called without user authentication when crafting a malicious http request by injecting code in one of the parameters allowing for remote code execution. This vulnerability is exploited via the binary file /home/www/cgi-bin/diagnostics.cgi that accepts unauthenticated requests and unsanitized data. As a result, a malicious actor can craft a specific request and interact remotely with the device."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://gist.github.com/Nwqda/e82b3155401b094372195fdaa9b54833", "refsource": "MISC", "url": "https://gist.github.com/Nwqda/e82b3155401b094372195fdaa9b54833"}, {"name": "https://wdi.rfwel.com/cdn/techdocs/AirSpot5410.pdf", "refsource": "MISC", "url": "https://wdi.rfwel.com/cdn/techdocs/AirSpot5410.pdf"}, {"name": "http://packetstormsecurity.com/files/168047/AirSpot-5410-0.3.4.1-4-Remote-Command-Injection.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/168047/AirSpot-5410-0.3.4.1-4-Remote-Command-Injection.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T10:00:04.316Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://gist.github.com/Nwqda/e82b3155401b094372195fdaa9b54833"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://wdi.rfwel.com/cdn/techdocs/AirSpot5410.pdf"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://packetstormsecurity.com/files/168047/AirSpot-5410-0.3.4.1-4-Remote-Command-Injection.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-36267", "datePublished": "2022-08-08T14:34:15.000Z", "dateReserved": "2022-07-18T00:00:00.000Z", "dateUpdated": "2024-08-03T10:00:04.316Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:airspan:airspot_5410_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "59C409B3-0CFA-48A0-BEF1-AB721401E8EE", "versionEndIncluding": "0.3.4.1-4", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:airspan:airspot_5410:-:*:*:*:*:*:*:*", "matchCriteriaId": "3AF8C2B0-0EB8-41B8-B2AB-1EFB0AFE71FB", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists a Unauthenticated remote command injection vulnerability. The ping functionality can be called without user authentication when crafting a malicious http request by injecting code in one of the parameters allowing for remote code execution. This vulnerability is exploited via the binary file /home/www/cgi-bin/diagnostics.cgi that accepts unauthenticated requests and unsanitized data. As a result, a malicious actor can craft a specific request and interact remotely with the device."}, {"lang": "es", "value": "En Airspan AirSpot 5410 versiones 0.3.4.1-4 y anteriores, se presenta una vulnerabilidad de inyecci\u00f3n de comandos remotos no autenticados. La funcionalidad de ping puede ser llamada sin autenticaci\u00f3n del usuario cuando se dise\u00f1a una petici\u00f3n http maliciosa al inyectar c\u00f3digo en uno de los par\u00e1metros permitiendo una ejecuci\u00f3n de c\u00f3digo remoto. Esta vulnerabilidad es explotada por medio del archivo binario /home/www/cgi-bin/diagnostics.cgi que acepta peticiones no autenticadas y datos no saneados. Como resultado, un actor malicioso puede dise\u00f1ar una petici\u00f3n espec\u00edfica e interactuar remotamente con el dispositivo"}], "id": "CVE-2022-36267", "lastModified": "2024-11-21T07:12:41.500", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-08-08T15:15:09.083", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "http://packetstormsecurity.com/files/168047/AirSpot-5410-0.3.4.1-4-Remote-Command-Injection.html"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Mitigation", "Third Party Advisory"], "url": "https://gist.github.com/Nwqda/e82b3155401b094372195fdaa9b54833"}, {"source": "cve@mitre.org", "tags": ["Product", "Third Party Advisory"], "url": "https://wdi.rfwel.com/cdn/techdocs/AirSpot5410.pdf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "http://packetstormsecurity.com/files/168047/AirSpot-5410-0.3.4.1-4-Remote-Command-Injection.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Mitigation", "Third Party Advisory"], "url": "https://gist.github.com/Nwqda/e82b3155401b094372195fdaa9b54833"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Product", "Third Party Advisory"], "url": "https://wdi.rfwel.com/cdn/techdocs/AirSpot5410.pdf"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}