Search

Find a vulnerability

Search criteria

    20 vulnerabilities by Airspan

    CVE-2022-36312 (GCVE-0-2022-36312)

    Vulnerability from nvd – Published: 2022-08-16 00:34 – Updated: 2024-08-03 10:00
    VLAI
    Summary
    Airspan AirVelocity 1500 software version 15.18.00.2511 lacks CSRF protections in the eNodeB's web management UI. This issue may affect other AirVelocity and AirSpeed models.
    Severity
    No CVSS data available.
    CWE
    Assigner
    References
    URL Tags
    https://helpdesk.airspan.com/browse/TRN3-1695 x_refsource_CONFIRM
    Impacted products
    Vendor Product Version
    Airspan AirVelocity Affected: unspecified , ≤ 15 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T10:00:04.350Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://helpdesk.airspan.com/browse/TRN3-1695"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "AirVelocity",
              "vendor": "Airspan",
              "versions": [
                {
                  "lessThanOrEqual": "15",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "dateAssigned": "2022-07-19T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Airspan AirVelocity 1500 software version 15.18.00.2511 lacks CSRF protections in the eNodeB\u0027s web management UI. This issue may affect other AirVelocity and AirSpeed models."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-352",
                  "description": "CSRF (CWE-352)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-08-16T00:34:33.000Z",
            "orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
            "shortName": "facebook"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://helpdesk.airspan.com/browse/TRN3-1695"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve-assign@fb.com",
              "DATE_ASSIGNED": "2022-07-19",
              "ID": "CVE-2022-36312",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "AirVelocity",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_value": "15"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Airspan"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Airspan AirVelocity 1500 software version 15.18.00.2511 lacks CSRF protections in the eNodeB\u0027s web management UI. This issue may affect other AirVelocity and AirSpeed models."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CSRF (CWE-352)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://helpdesk.airspan.com/browse/TRN3-1695",
                  "refsource": "CONFIRM",
                  "url": "https://helpdesk.airspan.com/browse/TRN3-1695"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
        "assignerShortName": "facebook",
        "cveId": "CVE-2022-36312",
        "datePublished": "2022-08-16T00:34:33.000Z",
        "dateReserved": "2022-07-19T00:00:00.000Z",
        "dateUpdated": "2024-08-03T10:00:04.350Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-36311 (GCVE-0-2022-36311)

    Vulnerability from nvd – Published: 2022-08-16 00:34 – Updated: 2024-08-03 10:00
    VLAI
    Summary
    Airspan AirVelocity 1500 prior to software version 15.18.00.2511 is vulnerable to injection leading to XSS in the SNMP community field in the eNodeB's web management UI. This issue may affect other AirVelocity and AirSpeed models.
    Severity
    No CVSS data available.
    CWE
    Assigner
    References
    URL Tags
    https://helpdesk.airspan.com/browse/TRN3-1694 x_refsource_CONFIRM
    Impacted products
    Vendor Product Version
    Airspan AirVelocity Affected: unspecified , < 15.18.00.2511 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T10:00:04.384Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://helpdesk.airspan.com/browse/TRN3-1694"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "AirVelocity",
              "vendor": "Airspan",
              "versions": [
                {
                  "lessThan": "15.18.00.2511",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "dateAssigned": "2022-07-19T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Airspan AirVelocity 1500 prior to software version 15.18.00.2511 is vulnerable to injection leading to XSS in the SNMP community field in the eNodeB\u0027s web management UI. This issue may affect other AirVelocity and AirSpeed models."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "XSS (CWE-79)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-08-16T00:34:12.000Z",
            "orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
            "shortName": "facebook"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://helpdesk.airspan.com/browse/TRN3-1694"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve-assign@fb.com",
              "DATE_ASSIGNED": "2022-07-19",
              "ID": "CVE-2022-36311",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "AirVelocity",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "15.18.00.2511"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Airspan"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Airspan AirVelocity 1500 prior to software version 15.18.00.2511 is vulnerable to injection leading to XSS in the SNMP community field in the eNodeB\u0027s web management UI. This issue may affect other AirVelocity and AirSpeed models."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "XSS (CWE-79)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://helpdesk.airspan.com/browse/TRN3-1694",
                  "refsource": "CONFIRM",
                  "url": "https://helpdesk.airspan.com/browse/TRN3-1694"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
        "assignerShortName": "facebook",
        "cveId": "CVE-2022-36311",
        "datePublished": "2022-08-16T00:34:12.000Z",
        "dateReserved": "2022-07-19T00:00:00.000Z",
        "dateUpdated": "2024-08-03T10:00:04.384Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-36310 (GCVE-0-2022-36310)

    Vulnerability from nvd – Published: 2022-08-16 00:33 – Updated: 2024-08-03 10:00
    VLAI
    Summary
    Airspan AirVelocity 1500 software prior to version 15.18.00.2511 had NET-SNMP-EXTEND-MIB enabled on its snmpd service, enabling an attacker with SNMP write abilities to execute commands as root on the eNodeB. This issue may affect other AirVelocity and AirSpeed models.
    Severity
    No CVSS data available.
    CWE
    • CWE-242 - Use of Inherently Dangerous Function (CWE-242)
    Assigner
    References
    Impacted products
    Vendor Product Version
    Airspan AirVelocity Affected: unspecified , < 15.18.00.2511 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T10:00:04.322Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://helpdesk.airspan.com/browse/TRN3-1689"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-whc6-2989-42xm"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "AirVelocity",
              "vendor": "Airspan",
              "versions": [
                {
                  "lessThan": "15.18.00.2511",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "dateAssigned": "2022-07-19T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Airspan AirVelocity 1500 software prior to version 15.18.00.2511 had NET-SNMP-EXTEND-MIB enabled on its snmpd service, enabling an attacker with SNMP write abilities to execute commands as root on the eNodeB. This issue may affect other AirVelocity and AirSpeed models."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-242",
                  "description": "Use of Inherently Dangerous Function (CWE-242)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-08-16T00:33:45.000Z",
            "orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
            "shortName": "facebook"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://helpdesk.airspan.com/browse/TRN3-1689"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-whc6-2989-42xm"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve-assign@fb.com",
              "DATE_ASSIGNED": "2022-07-19",
              "ID": "CVE-2022-36310",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "AirVelocity",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "15.18.00.2511"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Airspan"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Airspan AirVelocity 1500 software prior to version 15.18.00.2511 had NET-SNMP-EXTEND-MIB enabled on its snmpd service, enabling an attacker with SNMP write abilities to execute commands as root on the eNodeB. This issue may affect other AirVelocity and AirSpeed models."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Use of Inherently Dangerous Function (CWE-242)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://helpdesk.airspan.com/browse/TRN3-1689",
                  "refsource": "CONFIRM",
                  "url": "https://helpdesk.airspan.com/browse/TRN3-1689"
                },
                {
                  "name": "https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-whc6-2989-42xm",
                  "refsource": "MISC",
                  "url": "https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-whc6-2989-42xm"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
        "assignerShortName": "facebook",
        "cveId": "CVE-2022-36310",
        "datePublished": "2022-08-16T00:33:45.000Z",
        "dateReserved": "2022-07-19T00:00:00.000Z",
        "dateUpdated": "2024-08-03T10:00:04.322Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-36309 (GCVE-0-2022-36309)

    Vulnerability from nvd – Published: 2022-08-16 00:33 – Updated: 2024-08-03 10:00
    VLAI
    Summary
    Airspan AirVelocity 1500 software versions prior to 15.18.00.2511 have a root command injection vulnerability in the ActiveBank parameter of the recoverySubmit.cgi script running on the eNodeB's web management UI. This issue may affect other AirVelocity and AirSpeed models.
    Severity
    No CVSS data available.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Airspan AirVelocity Affected: unspecified , < 15.18.00.2511 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T10:00:04.309Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://helpdesk.airspan.com/browse/TRN3-1690"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-p295-2jh6-g6g4"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "AirVelocity",
              "vendor": "Airspan",
              "versions": [
                {
                  "lessThan": "15.18.00.2511",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "dateAssigned": "2022-07-19T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Airspan AirVelocity 1500 software versions prior to 15.18.00.2511 have a root command injection vulnerability in the ActiveBank parameter of the recoverySubmit.cgi script running on the eNodeB\u0027s web management UI. This issue may affect other AirVelocity and AirSpeed models."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-08-16T00:33:24.000Z",
            "orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
            "shortName": "facebook"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://helpdesk.airspan.com/browse/TRN3-1690"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-p295-2jh6-g6g4"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve-assign@fb.com",
              "DATE_ASSIGNED": "2022-07-19",
              "ID": "CVE-2022-36309",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "AirVelocity",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "15.18.00.2511"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Airspan"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Airspan AirVelocity 1500 software versions prior to 15.18.00.2511 have a root command injection vulnerability in the ActiveBank parameter of the recoverySubmit.cgi script running on the eNodeB\u0027s web management UI. This issue may affect other AirVelocity and AirSpeed models."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-78"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://helpdesk.airspan.com/browse/TRN3-1690",
                  "refsource": "CONFIRM",
                  "url": "https://helpdesk.airspan.com/browse/TRN3-1690"
                },
                {
                  "name": "https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-p295-2jh6-g6g4",
                  "refsource": "MISC",
                  "url": "https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-p295-2jh6-g6g4"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
        "assignerShortName": "facebook",
        "cveId": "CVE-2022-36309",
        "datePublished": "2022-08-16T00:33:24.000Z",
        "dateReserved": "2022-07-19T00:00:00.000Z",
        "dateUpdated": "2024-08-03T10:00:04.309Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-36308 (GCVE-0-2022-36308)

    Vulnerability from nvd – Published: 2022-08-16 00:32 – Updated: 2024-08-03 10:00
    VLAI
    Summary
    Airspan AirVelocity 1500 web management UI displays SNMP credentials in plaintext on software versions older than 15.18.00.2511, and stores SNMPv3 credentials unhashed on the filesystem, enabling anyone with web access to use these credentials to manipulate the eNodeB over SNMP. This issue may affect other AirVelocity and AirSpeed models.
    Severity
    No CVSS data available.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Airspan AirVelocity Affected: unspecified , < 15.18.00.2511 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T10:00:04.241Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://helpdesk.airspan.com/browse/TRN3-1692"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-qjgc-rx8m-q58x"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "AirVelocity",
              "vendor": "Airspan",
              "versions": [
                {
                  "lessThan": "15.18.00.2511",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "dateAssigned": "2022-07-19T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Airspan AirVelocity 1500 web management UI displays SNMP credentials in plaintext on software versions older than 15.18.00.2511, and stores SNMPv3 credentials unhashed on the filesystem, enabling anyone with web access to use these credentials to manipulate the eNodeB over SNMP. This issue may affect other AirVelocity and AirSpeed models."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-256",
                  "description": "CWE-256",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-08-16T00:32:57.000Z",
            "orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
            "shortName": "facebook"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://helpdesk.airspan.com/browse/TRN3-1692"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-qjgc-rx8m-q58x"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve-assign@fb.com",
              "DATE_ASSIGNED": "2022-07-19",
              "ID": "CVE-2022-36308",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "AirVelocity",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "15.18.00.2511"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Airspan"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Airspan AirVelocity 1500 web management UI displays SNMP credentials in plaintext on software versions older than 15.18.00.2511, and stores SNMPv3 credentials unhashed on the filesystem, enabling anyone with web access to use these credentials to manipulate the eNodeB over SNMP. This issue may affect other AirVelocity and AirSpeed models."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-256"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://helpdesk.airspan.com/browse/TRN3-1692",
                  "refsource": "CONFIRM",
                  "url": "https://helpdesk.airspan.com/browse/TRN3-1692"
                },
                {
                  "name": "https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-qjgc-rx8m-q58x",
                  "refsource": "MISC",
                  "url": "https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-qjgc-rx8m-q58x"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
        "assignerShortName": "facebook",
        "cveId": "CVE-2022-36308",
        "datePublished": "2022-08-16T00:32:57.000Z",
        "dateReserved": "2022-07-19T00:00:00.000Z",
        "dateUpdated": "2024-08-03T10:00:04.241Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-36307 (GCVE-0-2022-36307)

    Vulnerability from nvd – Published: 2022-08-16 00:32 – Updated: 2024-08-03 10:00
    VLAI
    Summary
    The AirVelocity 1500 prints SNMP credentials on its physically accessible serial port during boot. This was fixed in AirVelocity 1500 software version 15.18.00.2511 and may affect other AirVelocity and AirSpeed models.
    Severity
    No CVSS data available.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Airspan AirVelocity Affected: unspecified , < 15.18.00.2511 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T10:00:04.239Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://helpdesk.airspan.com/browse/TRN3-1693"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-8j75-qh6c-wpc5"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "AirVelocity",
              "vendor": "Airspan",
              "versions": [
                {
                  "lessThan": "15.18.00.2511",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "dateAssigned": "2022-07-19T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The AirVelocity 1500 prints SNMP credentials on its physically accessible serial port during boot. This was fixed in AirVelocity 1500 software version 15.18.00.2511 and may affect other AirVelocity and AirSpeed models."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-522",
                  "description": "CWE-522",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-08-16T00:32:34.000Z",
            "orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
            "shortName": "facebook"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://helpdesk.airspan.com/browse/TRN3-1693"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-8j75-qh6c-wpc5"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve-assign@fb.com",
              "DATE_ASSIGNED": "2022-07-19",
              "ID": "CVE-2022-36307",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "AirVelocity",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "15.18.00.2511"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Airspan"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The AirVelocity 1500 prints SNMP credentials on its physically accessible serial port during boot. This was fixed in AirVelocity 1500 software version 15.18.00.2511 and may affect other AirVelocity and AirSpeed models."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-522"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://helpdesk.airspan.com/browse/TRN3-1693",
                  "refsource": "CONFIRM",
                  "url": "https://helpdesk.airspan.com/browse/TRN3-1693"
                },
                {
                  "name": "https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-8j75-qh6c-wpc5",
                  "refsource": "MISC",
                  "url": "https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-8j75-qh6c-wpc5"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
        "assignerShortName": "facebook",
        "cveId": "CVE-2022-36307",
        "datePublished": "2022-08-16T00:32:34.000Z",
        "dateReserved": "2022-07-19T00:00:00.000Z",
        "dateUpdated": "2024-08-03T10:00:04.239Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-36306 (GCVE-0-2022-36306)

    Vulnerability from nvd – Published: 2022-08-16 00:32 – Updated: 2024-08-03 10:00
    VLAI
    Summary
    An authenticated attacker can enumerate and download sensitive files, including the eNodeB's web management UI's TLS private key, the web server binary, and the web server configuration file. These vulnerabilities were found in AirVelocity 1500 running software version 9.3.0.01249, were still present in 15.18.00.2511, and may affect other AirVelocity and AirSpeed models.
    Severity
    No CVSS data available.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Airspan AirVelocity Affected: unspecified , ≤ 15.18.00.2511 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T10:00:04.280Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://helpdesk.airspan.com/browse/TRN3-1691"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-9v93-3qpc-hxj9"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "AirVelocity",
              "vendor": "Airspan",
              "versions": [
                {
                  "lessThanOrEqual": "15.18.00.2511",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "dateAssigned": "2022-07-19T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An authenticated attacker can enumerate and download sensitive files, including the eNodeB\u0027s web management UI\u0027s TLS private key, the web server binary, and the web server configuration file. These vulnerabilities were found in AirVelocity 1500 running software version 9.3.0.01249, were still present in 15.18.00.2511, and may affect other AirVelocity and AirSpeed models."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-219",
                  "description": "CWE-219, CWE-548",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-08-16T00:32:07.000Z",
            "orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
            "shortName": "facebook"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://helpdesk.airspan.com/browse/TRN3-1691"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-9v93-3qpc-hxj9"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve-assign@fb.com",
              "DATE_ASSIGNED": "2022-07-19",
              "ID": "CVE-2022-36306",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "AirVelocity",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_value": "15.18.00.2511"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Airspan"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An authenticated attacker can enumerate and download sensitive files, including the eNodeB\u0027s web management UI\u0027s TLS private key, the web server binary, and the web server configuration file. These vulnerabilities were found in AirVelocity 1500 running software version 9.3.0.01249, were still present in 15.18.00.2511, and may affect other AirVelocity and AirSpeed models."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-219, CWE-548"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://helpdesk.airspan.com/browse/TRN3-1691",
                  "refsource": "CONFIRM",
                  "url": "https://helpdesk.airspan.com/browse/TRN3-1691"
                },
                {
                  "name": "https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-9v93-3qpc-hxj9",
                  "refsource": "MISC",
                  "url": "https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-9v93-3qpc-hxj9"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
        "assignerShortName": "facebook",
        "cveId": "CVE-2022-36306",
        "datePublished": "2022-08-16T00:32:07.000Z",
        "dateReserved": "2022-07-19T00:00:00.000Z",
        "dateUpdated": "2024-08-03T10:00:04.280Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-1542 (GCVE-0-2008-1542)

    Vulnerability from nvd – Published: 2008-03-28 23:00 – Updated: 2024-08-07 08:24
    VLAI
    Summary
    Airspan Base Station Distribution Unit (BSDU) has "topsecret" as its password for the root account, which allows remote attackers to obtain administrative access via a telnet login, a different vulnerability than CVE-2008-1262.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://airspan4wimax.googlepages.com/ x_refsource_MISC
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.kb.cert.org/vuls/id/446403 third-party-advisoryx_refsource_CERT-VN
    Date Public
    2008-03-18 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T08:24:42.442Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://airspan4wimax.googlepages.com/"
              },
              {
                "name": "micromax-default-password(41437)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41437"
              },
              {
                "name": "VU#446403",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/446403"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-03-18T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Airspan Base Station Distribution Unit (BSDU) has \"topsecret\" as its password for the root account, which allows remote attackers to obtain administrative access via a telnet login, a different vulnerability than CVE-2008-1262."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-07T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://airspan4wimax.googlepages.com/"
            },
            {
              "name": "micromax-default-password(41437)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41437"
            },
            {
              "name": "VU#446403",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "http://www.kb.cert.org/vuls/id/446403"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-1542",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Airspan Base Station Distribution Unit (BSDU) has \"topsecret\" as its password for the root account, which allows remote attackers to obtain administrative access via a telnet login, a different vulnerability than CVE-2008-1262."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://airspan4wimax.googlepages.com/",
                  "refsource": "MISC",
                  "url": "http://airspan4wimax.googlepages.com/"
                },
                {
                  "name": "micromax-default-password(41437)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41437"
                },
                {
                  "name": "VU#446403",
                  "refsource": "CERT-VN",
                  "url": "http://www.kb.cert.org/vuls/id/446403"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-1542",
        "datePublished": "2008-03-28T23:00:00.000Z",
        "dateReserved": "2008-03-28T00:00:00.000Z",
        "dateUpdated": "2024-08-07T08:24:42.442Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-1543 (GCVE-0-2008-1543)

    Vulnerability from nvd – Published: 2008-03-28 23:00 – Updated: 2024-08-07 08:24
    VLAI
    Summary
    The Advanced User Interface Pages in the ProST Web Management component on the Airspan WiMAX ProST have a certain default User ID and password, which makes it easier for remote attackers to obtain partial administrative access, a different vulnerability than CVE-2008-1262.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2008-03-11 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T08:24:42.295Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.sharemethods.net/nepal/servlet/open?keeppath=false\u0026aid=29820"
              },
              {
                "name": "wimaxprost-interface-default-password(41567)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41567"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-03-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The Advanced User Interface Pages in the ProST Web Management component on the Airspan WiMAX ProST have a certain default User ID and password, which makes it easier for remote attackers to obtain partial administrative access, a different vulnerability than CVE-2008-1262."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-07T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.sharemethods.net/nepal/servlet/open?keeppath=false\u0026aid=29820"
            },
            {
              "name": "wimaxprost-interface-default-password(41567)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41567"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-1543",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Advanced User Interface Pages in the ProST Web Management component on the Airspan WiMAX ProST have a certain default User ID and password, which makes it easier for remote attackers to obtain partial administrative access, a different vulnerability than CVE-2008-1262."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.sharemethods.net/nepal/servlet/open?keeppath=false\u0026aid=29820",
                  "refsource": "CONFIRM",
                  "url": "http://www.sharemethods.net/nepal/servlet/open?keeppath=false\u0026aid=29820"
                },
                {
                  "name": "wimaxprost-interface-default-password(41567)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41567"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-1543",
        "datePublished": "2008-03-28T23:00:00.000Z",
        "dateReserved": "2008-03-28T00:00:00.000Z",
        "dateUpdated": "2024-08-07T08:24:42.295Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-1262 (GCVE-0-2008-1262)

    Vulnerability from nvd – Published: 2008-03-10 17:00 – Updated: 2024-08-07 08:17
    VLAI
    Summary
    The administration panel on the Airspan WiMax ProST 4.1 antenna with 6.5.38.0 software does not verify authentication credentials, which allows remote attackers to (1) upload malformed firmware or (2) bind the antenna to a different WiMAX base station via unspecified requests to forms under process_adv/.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2008-02-29 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T08:17:34.390Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20080301 The Router Hacking Challenge is Over!",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/489009/100/0/threaded"
              },
              {
                "name": "28122",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/28122"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.gnucitizen.org/projects/router-hacking-challenge/"
              },
              {
                "name": "wimaxprost-webinterface-security-bypass(41052)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41052"
              },
              {
                "name": "VU#248372",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/248372"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.0x000000.com/?i=524"
              },
              {
                "name": "ADV-2008-0802",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2008/0802/references"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.sharemethods.net/nepal/servlet/open?keeppath=false\u0026aid=29820"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://airspan4wimax.googlepages.com/"
              },
              {
                "name": "29265",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/29265"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-02-29T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The administration panel on the Airspan WiMax ProST 4.1 antenna with 6.5.38.0 software does not verify authentication credentials, which allows remote attackers to (1) upload malformed firmware or (2) bind the antenna to a different WiMAX base station via unspecified requests to forms under process_adv/."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-11T19:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "20080301 The Router Hacking Challenge is Over!",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/489009/100/0/threaded"
            },
            {
              "name": "28122",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/28122"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.gnucitizen.org/projects/router-hacking-challenge/"
            },
            {
              "name": "wimaxprost-webinterface-security-bypass(41052)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41052"
            },
            {
              "name": "VU#248372",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "http://www.kb.cert.org/vuls/id/248372"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.0x000000.com/?i=524"
            },
            {
              "name": "ADV-2008-0802",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/0802/references"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.sharemethods.net/nepal/servlet/open?keeppath=false\u0026aid=29820"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://airspan4wimax.googlepages.com/"
            },
            {
              "name": "29265",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/29265"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-1262",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The administration panel on the Airspan WiMax ProST 4.1 antenna with 6.5.38.0 software does not verify authentication credentials, which allows remote attackers to (1) upload malformed firmware or (2) bind the antenna to a different WiMAX base station via unspecified requests to forms under process_adv/."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20080301 The Router Hacking Challenge is Over!",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/489009/100/0/threaded"
                },
                {
                  "name": "28122",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/28122"
                },
                {
                  "name": "http://www.gnucitizen.org/projects/router-hacking-challenge/",
                  "refsource": "MISC",
                  "url": "http://www.gnucitizen.org/projects/router-hacking-challenge/"
                },
                {
                  "name": "wimaxprost-webinterface-security-bypass(41052)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41052"
                },
                {
                  "name": "VU#248372",
                  "refsource": "CERT-VN",
                  "url": "http://www.kb.cert.org/vuls/id/248372"
                },
                {
                  "name": "http://www.0x000000.com/?i=524",
                  "refsource": "MISC",
                  "url": "http://www.0x000000.com/?i=524"
                },
                {
                  "name": "ADV-2008-0802",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2008/0802/references"
                },
                {
                  "name": "http://www.sharemethods.net/nepal/servlet/open?keeppath=false\u0026aid=29820",
                  "refsource": "CONFIRM",
                  "url": "http://www.sharemethods.net/nepal/servlet/open?keeppath=false\u0026aid=29820"
                },
                {
                  "name": "http://airspan4wimax.googlepages.com/",
                  "refsource": "MISC",
                  "url": "http://airspan4wimax.googlepages.com/"
                },
                {
                  "name": "29265",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/29265"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-1262",
        "datePublished": "2008-03-10T17:00:00.000Z",
        "dateReserved": "2008-03-10T00:00:00.000Z",
        "dateUpdated": "2024-08-07T08:17:34.390Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-36312 (GCVE-0-2022-36312)

    Vulnerability from cvelistv5 – Published: 2022-08-16 00:34 – Updated: 2024-08-03 10:00
    VLAI
    Summary
    Airspan AirVelocity 1500 software version 15.18.00.2511 lacks CSRF protections in the eNodeB's web management UI. This issue may affect other AirVelocity and AirSpeed models.
    Severity
    No CVSS data available.
    CWE
    Assigner
    References
    URL Tags
    https://helpdesk.airspan.com/browse/TRN3-1695 x_refsource_CONFIRM
    Impacted products
    Vendor Product Version
    Airspan AirVelocity Affected: unspecified , ≤ 15 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T10:00:04.350Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://helpdesk.airspan.com/browse/TRN3-1695"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "AirVelocity",
              "vendor": "Airspan",
              "versions": [
                {
                  "lessThanOrEqual": "15",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "dateAssigned": "2022-07-19T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Airspan AirVelocity 1500 software version 15.18.00.2511 lacks CSRF protections in the eNodeB\u0027s web management UI. This issue may affect other AirVelocity and AirSpeed models."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-352",
                  "description": "CSRF (CWE-352)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-08-16T00:34:33.000Z",
            "orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
            "shortName": "facebook"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://helpdesk.airspan.com/browse/TRN3-1695"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve-assign@fb.com",
              "DATE_ASSIGNED": "2022-07-19",
              "ID": "CVE-2022-36312",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "AirVelocity",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_value": "15"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Airspan"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Airspan AirVelocity 1500 software version 15.18.00.2511 lacks CSRF protections in the eNodeB\u0027s web management UI. This issue may affect other AirVelocity and AirSpeed models."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CSRF (CWE-352)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://helpdesk.airspan.com/browse/TRN3-1695",
                  "refsource": "CONFIRM",
                  "url": "https://helpdesk.airspan.com/browse/TRN3-1695"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
        "assignerShortName": "facebook",
        "cveId": "CVE-2022-36312",
        "datePublished": "2022-08-16T00:34:33.000Z",
        "dateReserved": "2022-07-19T00:00:00.000Z",
        "dateUpdated": "2024-08-03T10:00:04.350Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-36311 (GCVE-0-2022-36311)

    Vulnerability from cvelistv5 – Published: 2022-08-16 00:34 – Updated: 2024-08-03 10:00
    VLAI
    Summary
    Airspan AirVelocity 1500 prior to software version 15.18.00.2511 is vulnerable to injection leading to XSS in the SNMP community field in the eNodeB's web management UI. This issue may affect other AirVelocity and AirSpeed models.
    Severity
    No CVSS data available.
    CWE
    Assigner
    References
    URL Tags
    https://helpdesk.airspan.com/browse/TRN3-1694 x_refsource_CONFIRM
    Impacted products
    Vendor Product Version
    Airspan AirVelocity Affected: unspecified , < 15.18.00.2511 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T10:00:04.384Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://helpdesk.airspan.com/browse/TRN3-1694"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "AirVelocity",
              "vendor": "Airspan",
              "versions": [
                {
                  "lessThan": "15.18.00.2511",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "dateAssigned": "2022-07-19T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Airspan AirVelocity 1500 prior to software version 15.18.00.2511 is vulnerable to injection leading to XSS in the SNMP community field in the eNodeB\u0027s web management UI. This issue may affect other AirVelocity and AirSpeed models."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "XSS (CWE-79)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-08-16T00:34:12.000Z",
            "orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
            "shortName": "facebook"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://helpdesk.airspan.com/browse/TRN3-1694"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve-assign@fb.com",
              "DATE_ASSIGNED": "2022-07-19",
              "ID": "CVE-2022-36311",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "AirVelocity",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "15.18.00.2511"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Airspan"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Airspan AirVelocity 1500 prior to software version 15.18.00.2511 is vulnerable to injection leading to XSS in the SNMP community field in the eNodeB\u0027s web management UI. This issue may affect other AirVelocity and AirSpeed models."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "XSS (CWE-79)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://helpdesk.airspan.com/browse/TRN3-1694",
                  "refsource": "CONFIRM",
                  "url": "https://helpdesk.airspan.com/browse/TRN3-1694"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
        "assignerShortName": "facebook",
        "cveId": "CVE-2022-36311",
        "datePublished": "2022-08-16T00:34:12.000Z",
        "dateReserved": "2022-07-19T00:00:00.000Z",
        "dateUpdated": "2024-08-03T10:00:04.384Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-36310 (GCVE-0-2022-36310)

    Vulnerability from cvelistv5 – Published: 2022-08-16 00:33 – Updated: 2024-08-03 10:00
    VLAI
    Summary
    Airspan AirVelocity 1500 software prior to version 15.18.00.2511 had NET-SNMP-EXTEND-MIB enabled on its snmpd service, enabling an attacker with SNMP write abilities to execute commands as root on the eNodeB. This issue may affect other AirVelocity and AirSpeed models.
    Severity
    No CVSS data available.
    CWE
    • CWE-242 - Use of Inherently Dangerous Function (CWE-242)
    Assigner
    References
    Impacted products
    Vendor Product Version
    Airspan AirVelocity Affected: unspecified , < 15.18.00.2511 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T10:00:04.322Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://helpdesk.airspan.com/browse/TRN3-1689"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-whc6-2989-42xm"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "AirVelocity",
              "vendor": "Airspan",
              "versions": [
                {
                  "lessThan": "15.18.00.2511",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "dateAssigned": "2022-07-19T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Airspan AirVelocity 1500 software prior to version 15.18.00.2511 had NET-SNMP-EXTEND-MIB enabled on its snmpd service, enabling an attacker with SNMP write abilities to execute commands as root on the eNodeB. This issue may affect other AirVelocity and AirSpeed models."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-242",
                  "description": "Use of Inherently Dangerous Function (CWE-242)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-08-16T00:33:45.000Z",
            "orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
            "shortName": "facebook"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://helpdesk.airspan.com/browse/TRN3-1689"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-whc6-2989-42xm"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve-assign@fb.com",
              "DATE_ASSIGNED": "2022-07-19",
              "ID": "CVE-2022-36310",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "AirVelocity",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "15.18.00.2511"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Airspan"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Airspan AirVelocity 1500 software prior to version 15.18.00.2511 had NET-SNMP-EXTEND-MIB enabled on its snmpd service, enabling an attacker with SNMP write abilities to execute commands as root on the eNodeB. This issue may affect other AirVelocity and AirSpeed models."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Use of Inherently Dangerous Function (CWE-242)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://helpdesk.airspan.com/browse/TRN3-1689",
                  "refsource": "CONFIRM",
                  "url": "https://helpdesk.airspan.com/browse/TRN3-1689"
                },
                {
                  "name": "https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-whc6-2989-42xm",
                  "refsource": "MISC",
                  "url": "https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-whc6-2989-42xm"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
        "assignerShortName": "facebook",
        "cveId": "CVE-2022-36310",
        "datePublished": "2022-08-16T00:33:45.000Z",
        "dateReserved": "2022-07-19T00:00:00.000Z",
        "dateUpdated": "2024-08-03T10:00:04.322Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-36309 (GCVE-0-2022-36309)

    Vulnerability from cvelistv5 – Published: 2022-08-16 00:33 – Updated: 2024-08-03 10:00
    VLAI
    Summary
    Airspan AirVelocity 1500 software versions prior to 15.18.00.2511 have a root command injection vulnerability in the ActiveBank parameter of the recoverySubmit.cgi script running on the eNodeB's web management UI. This issue may affect other AirVelocity and AirSpeed models.
    Severity
    No CVSS data available.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Airspan AirVelocity Affected: unspecified , < 15.18.00.2511 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T10:00:04.309Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://helpdesk.airspan.com/browse/TRN3-1690"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-p295-2jh6-g6g4"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "AirVelocity",
              "vendor": "Airspan",
              "versions": [
                {
                  "lessThan": "15.18.00.2511",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "dateAssigned": "2022-07-19T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Airspan AirVelocity 1500 software versions prior to 15.18.00.2511 have a root command injection vulnerability in the ActiveBank parameter of the recoverySubmit.cgi script running on the eNodeB\u0027s web management UI. This issue may affect other AirVelocity and AirSpeed models."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-08-16T00:33:24.000Z",
            "orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
            "shortName": "facebook"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://helpdesk.airspan.com/browse/TRN3-1690"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-p295-2jh6-g6g4"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve-assign@fb.com",
              "DATE_ASSIGNED": "2022-07-19",
              "ID": "CVE-2022-36309",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "AirVelocity",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "15.18.00.2511"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Airspan"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Airspan AirVelocity 1500 software versions prior to 15.18.00.2511 have a root command injection vulnerability in the ActiveBank parameter of the recoverySubmit.cgi script running on the eNodeB\u0027s web management UI. This issue may affect other AirVelocity and AirSpeed models."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-78"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://helpdesk.airspan.com/browse/TRN3-1690",
                  "refsource": "CONFIRM",
                  "url": "https://helpdesk.airspan.com/browse/TRN3-1690"
                },
                {
                  "name": "https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-p295-2jh6-g6g4",
                  "refsource": "MISC",
                  "url": "https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-p295-2jh6-g6g4"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
        "assignerShortName": "facebook",
        "cveId": "CVE-2022-36309",
        "datePublished": "2022-08-16T00:33:24.000Z",
        "dateReserved": "2022-07-19T00:00:00.000Z",
        "dateUpdated": "2024-08-03T10:00:04.309Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-36308 (GCVE-0-2022-36308)

    Vulnerability from cvelistv5 – Published: 2022-08-16 00:32 – Updated: 2024-08-03 10:00
    VLAI
    Summary
    Airspan AirVelocity 1500 web management UI displays SNMP credentials in plaintext on software versions older than 15.18.00.2511, and stores SNMPv3 credentials unhashed on the filesystem, enabling anyone with web access to use these credentials to manipulate the eNodeB over SNMP. This issue may affect other AirVelocity and AirSpeed models.
    Severity
    No CVSS data available.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Airspan AirVelocity Affected: unspecified , < 15.18.00.2511 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T10:00:04.241Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://helpdesk.airspan.com/browse/TRN3-1692"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-qjgc-rx8m-q58x"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "AirVelocity",
              "vendor": "Airspan",
              "versions": [
                {
                  "lessThan": "15.18.00.2511",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "dateAssigned": "2022-07-19T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Airspan AirVelocity 1500 web management UI displays SNMP credentials in plaintext on software versions older than 15.18.00.2511, and stores SNMPv3 credentials unhashed on the filesystem, enabling anyone with web access to use these credentials to manipulate the eNodeB over SNMP. This issue may affect other AirVelocity and AirSpeed models."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-256",
                  "description": "CWE-256",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-08-16T00:32:57.000Z",
            "orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
            "shortName": "facebook"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://helpdesk.airspan.com/browse/TRN3-1692"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-qjgc-rx8m-q58x"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve-assign@fb.com",
              "DATE_ASSIGNED": "2022-07-19",
              "ID": "CVE-2022-36308",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "AirVelocity",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "15.18.00.2511"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Airspan"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Airspan AirVelocity 1500 web management UI displays SNMP credentials in plaintext on software versions older than 15.18.00.2511, and stores SNMPv3 credentials unhashed on the filesystem, enabling anyone with web access to use these credentials to manipulate the eNodeB over SNMP. This issue may affect other AirVelocity and AirSpeed models."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-256"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://helpdesk.airspan.com/browse/TRN3-1692",
                  "refsource": "CONFIRM",
                  "url": "https://helpdesk.airspan.com/browse/TRN3-1692"
                },
                {
                  "name": "https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-qjgc-rx8m-q58x",
                  "refsource": "MISC",
                  "url": "https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-qjgc-rx8m-q58x"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
        "assignerShortName": "facebook",
        "cveId": "CVE-2022-36308",
        "datePublished": "2022-08-16T00:32:57.000Z",
        "dateReserved": "2022-07-19T00:00:00.000Z",
        "dateUpdated": "2024-08-03T10:00:04.241Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-36307 (GCVE-0-2022-36307)

    Vulnerability from cvelistv5 – Published: 2022-08-16 00:32 – Updated: 2024-08-03 10:00
    VLAI
    Summary
    The AirVelocity 1500 prints SNMP credentials on its physically accessible serial port during boot. This was fixed in AirVelocity 1500 software version 15.18.00.2511 and may affect other AirVelocity and AirSpeed models.
    Severity
    No CVSS data available.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Airspan AirVelocity Affected: unspecified , < 15.18.00.2511 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T10:00:04.239Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://helpdesk.airspan.com/browse/TRN3-1693"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-8j75-qh6c-wpc5"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "AirVelocity",
              "vendor": "Airspan",
              "versions": [
                {
                  "lessThan": "15.18.00.2511",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "dateAssigned": "2022-07-19T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The AirVelocity 1500 prints SNMP credentials on its physically accessible serial port during boot. This was fixed in AirVelocity 1500 software version 15.18.00.2511 and may affect other AirVelocity and AirSpeed models."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-522",
                  "description": "CWE-522",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-08-16T00:32:34.000Z",
            "orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
            "shortName": "facebook"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://helpdesk.airspan.com/browse/TRN3-1693"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-8j75-qh6c-wpc5"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve-assign@fb.com",
              "DATE_ASSIGNED": "2022-07-19",
              "ID": "CVE-2022-36307",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "AirVelocity",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "15.18.00.2511"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Airspan"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The AirVelocity 1500 prints SNMP credentials on its physically accessible serial port during boot. This was fixed in AirVelocity 1500 software version 15.18.00.2511 and may affect other AirVelocity and AirSpeed models."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-522"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://helpdesk.airspan.com/browse/TRN3-1693",
                  "refsource": "CONFIRM",
                  "url": "https://helpdesk.airspan.com/browse/TRN3-1693"
                },
                {
                  "name": "https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-8j75-qh6c-wpc5",
                  "refsource": "MISC",
                  "url": "https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-8j75-qh6c-wpc5"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
        "assignerShortName": "facebook",
        "cveId": "CVE-2022-36307",
        "datePublished": "2022-08-16T00:32:34.000Z",
        "dateReserved": "2022-07-19T00:00:00.000Z",
        "dateUpdated": "2024-08-03T10:00:04.239Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-36306 (GCVE-0-2022-36306)

    Vulnerability from cvelistv5 – Published: 2022-08-16 00:32 – Updated: 2024-08-03 10:00
    VLAI
    Summary
    An authenticated attacker can enumerate and download sensitive files, including the eNodeB's web management UI's TLS private key, the web server binary, and the web server configuration file. These vulnerabilities were found in AirVelocity 1500 running software version 9.3.0.01249, were still present in 15.18.00.2511, and may affect other AirVelocity and AirSpeed models.
    Severity
    No CVSS data available.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Airspan AirVelocity Affected: unspecified , ≤ 15.18.00.2511 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T10:00:04.280Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://helpdesk.airspan.com/browse/TRN3-1691"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-9v93-3qpc-hxj9"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "AirVelocity",
              "vendor": "Airspan",
              "versions": [
                {
                  "lessThanOrEqual": "15.18.00.2511",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "dateAssigned": "2022-07-19T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An authenticated attacker can enumerate and download sensitive files, including the eNodeB\u0027s web management UI\u0027s TLS private key, the web server binary, and the web server configuration file. These vulnerabilities were found in AirVelocity 1500 running software version 9.3.0.01249, were still present in 15.18.00.2511, and may affect other AirVelocity and AirSpeed models."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-219",
                  "description": "CWE-219, CWE-548",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-08-16T00:32:07.000Z",
            "orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
            "shortName": "facebook"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://helpdesk.airspan.com/browse/TRN3-1691"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-9v93-3qpc-hxj9"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve-assign@fb.com",
              "DATE_ASSIGNED": "2022-07-19",
              "ID": "CVE-2022-36306",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "AirVelocity",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_value": "15.18.00.2511"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Airspan"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An authenticated attacker can enumerate and download sensitive files, including the eNodeB\u0027s web management UI\u0027s TLS private key, the web server binary, and the web server configuration file. These vulnerabilities were found in AirVelocity 1500 running software version 9.3.0.01249, were still present in 15.18.00.2511, and may affect other AirVelocity and AirSpeed models."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-219, CWE-548"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://helpdesk.airspan.com/browse/TRN3-1691",
                  "refsource": "CONFIRM",
                  "url": "https://helpdesk.airspan.com/browse/TRN3-1691"
                },
                {
                  "name": "https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-9v93-3qpc-hxj9",
                  "refsource": "MISC",
                  "url": "https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-9v93-3qpc-hxj9"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
        "assignerShortName": "facebook",
        "cveId": "CVE-2022-36306",
        "datePublished": "2022-08-16T00:32:07.000Z",
        "dateReserved": "2022-07-19T00:00:00.000Z",
        "dateUpdated": "2024-08-03T10:00:04.280Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-1542 (GCVE-0-2008-1542)

    Vulnerability from cvelistv5 – Published: 2008-03-28 23:00 – Updated: 2024-08-07 08:24
    VLAI
    Summary
    Airspan Base Station Distribution Unit (BSDU) has "topsecret" as its password for the root account, which allows remote attackers to obtain administrative access via a telnet login, a different vulnerability than CVE-2008-1262.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://airspan4wimax.googlepages.com/ x_refsource_MISC
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.kb.cert.org/vuls/id/446403 third-party-advisoryx_refsource_CERT-VN
    Date Public
    2008-03-18 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T08:24:42.442Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://airspan4wimax.googlepages.com/"
              },
              {
                "name": "micromax-default-password(41437)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41437"
              },
              {
                "name": "VU#446403",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/446403"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-03-18T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Airspan Base Station Distribution Unit (BSDU) has \"topsecret\" as its password for the root account, which allows remote attackers to obtain administrative access via a telnet login, a different vulnerability than CVE-2008-1262."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-07T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://airspan4wimax.googlepages.com/"
            },
            {
              "name": "micromax-default-password(41437)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41437"
            },
            {
              "name": "VU#446403",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "http://www.kb.cert.org/vuls/id/446403"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-1542",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Airspan Base Station Distribution Unit (BSDU) has \"topsecret\" as its password for the root account, which allows remote attackers to obtain administrative access via a telnet login, a different vulnerability than CVE-2008-1262."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://airspan4wimax.googlepages.com/",
                  "refsource": "MISC",
                  "url": "http://airspan4wimax.googlepages.com/"
                },
                {
                  "name": "micromax-default-password(41437)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41437"
                },
                {
                  "name": "VU#446403",
                  "refsource": "CERT-VN",
                  "url": "http://www.kb.cert.org/vuls/id/446403"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-1542",
        "datePublished": "2008-03-28T23:00:00.000Z",
        "dateReserved": "2008-03-28T00:00:00.000Z",
        "dateUpdated": "2024-08-07T08:24:42.442Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-1543 (GCVE-0-2008-1543)

    Vulnerability from cvelistv5 – Published: 2008-03-28 23:00 – Updated: 2024-08-07 08:24
    VLAI
    Summary
    The Advanced User Interface Pages in the ProST Web Management component on the Airspan WiMAX ProST have a certain default User ID and password, which makes it easier for remote attackers to obtain partial administrative access, a different vulnerability than CVE-2008-1262.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2008-03-11 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T08:24:42.295Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.sharemethods.net/nepal/servlet/open?keeppath=false\u0026aid=29820"
              },
              {
                "name": "wimaxprost-interface-default-password(41567)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41567"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-03-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The Advanced User Interface Pages in the ProST Web Management component on the Airspan WiMAX ProST have a certain default User ID and password, which makes it easier for remote attackers to obtain partial administrative access, a different vulnerability than CVE-2008-1262."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-07T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.sharemethods.net/nepal/servlet/open?keeppath=false\u0026aid=29820"
            },
            {
              "name": "wimaxprost-interface-default-password(41567)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41567"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-1543",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Advanced User Interface Pages in the ProST Web Management component on the Airspan WiMAX ProST have a certain default User ID and password, which makes it easier for remote attackers to obtain partial administrative access, a different vulnerability than CVE-2008-1262."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.sharemethods.net/nepal/servlet/open?keeppath=false\u0026aid=29820",
                  "refsource": "CONFIRM",
                  "url": "http://www.sharemethods.net/nepal/servlet/open?keeppath=false\u0026aid=29820"
                },
                {
                  "name": "wimaxprost-interface-default-password(41567)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41567"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-1543",
        "datePublished": "2008-03-28T23:00:00.000Z",
        "dateReserved": "2008-03-28T00:00:00.000Z",
        "dateUpdated": "2024-08-07T08:24:42.295Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-1262 (GCVE-0-2008-1262)

    Vulnerability from cvelistv5 – Published: 2008-03-10 17:00 – Updated: 2024-08-07 08:17
    VLAI
    Summary
    The administration panel on the Airspan WiMax ProST 4.1 antenna with 6.5.38.0 software does not verify authentication credentials, which allows remote attackers to (1) upload malformed firmware or (2) bind the antenna to a different WiMAX base station via unspecified requests to forms under process_adv/.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2008-02-29 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T08:17:34.390Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20080301 The Router Hacking Challenge is Over!",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/489009/100/0/threaded"
              },
              {
                "name": "28122",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/28122"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.gnucitizen.org/projects/router-hacking-challenge/"
              },
              {
                "name": "wimaxprost-webinterface-security-bypass(41052)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41052"
              },
              {
                "name": "VU#248372",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/248372"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.0x000000.com/?i=524"
              },
              {
                "name": "ADV-2008-0802",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2008/0802/references"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.sharemethods.net/nepal/servlet/open?keeppath=false\u0026aid=29820"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://airspan4wimax.googlepages.com/"
              },
              {
                "name": "29265",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/29265"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-02-29T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The administration panel on the Airspan WiMax ProST 4.1 antenna with 6.5.38.0 software does not verify authentication credentials, which allows remote attackers to (1) upload malformed firmware or (2) bind the antenna to a different WiMAX base station via unspecified requests to forms under process_adv/."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-11T19:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "20080301 The Router Hacking Challenge is Over!",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/489009/100/0/threaded"
            },
            {
              "name": "28122",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/28122"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.gnucitizen.org/projects/router-hacking-challenge/"
            },
            {
              "name": "wimaxprost-webinterface-security-bypass(41052)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41052"
            },
            {
              "name": "VU#248372",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "http://www.kb.cert.org/vuls/id/248372"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.0x000000.com/?i=524"
            },
            {
              "name": "ADV-2008-0802",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/0802/references"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.sharemethods.net/nepal/servlet/open?keeppath=false\u0026aid=29820"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://airspan4wimax.googlepages.com/"
            },
            {
              "name": "29265",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/29265"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-1262",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The administration panel on the Airspan WiMax ProST 4.1 antenna with 6.5.38.0 software does not verify authentication credentials, which allows remote attackers to (1) upload malformed firmware or (2) bind the antenna to a different WiMAX base station via unspecified requests to forms under process_adv/."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20080301 The Router Hacking Challenge is Over!",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/489009/100/0/threaded"
                },
                {
                  "name": "28122",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/28122"
                },
                {
                  "name": "http://www.gnucitizen.org/projects/router-hacking-challenge/",
                  "refsource": "MISC",
                  "url": "http://www.gnucitizen.org/projects/router-hacking-challenge/"
                },
                {
                  "name": "wimaxprost-webinterface-security-bypass(41052)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41052"
                },
                {
                  "name": "VU#248372",
                  "refsource": "CERT-VN",
                  "url": "http://www.kb.cert.org/vuls/id/248372"
                },
                {
                  "name": "http://www.0x000000.com/?i=524",
                  "refsource": "MISC",
                  "url": "http://www.0x000000.com/?i=524"
                },
                {
                  "name": "ADV-2008-0802",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2008/0802/references"
                },
                {
                  "name": "http://www.sharemethods.net/nepal/servlet/open?keeppath=false\u0026aid=29820",
                  "refsource": "CONFIRM",
                  "url": "http://www.sharemethods.net/nepal/servlet/open?keeppath=false\u0026aid=29820"
                },
                {
                  "name": "http://airspan4wimax.googlepages.com/",
                  "refsource": "MISC",
                  "url": "http://airspan4wimax.googlepages.com/"
                },
                {
                  "name": "29265",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/29265"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-1262",
        "datePublished": "2008-03-10T17:00:00.000Z",
        "dateReserved": "2008-03-10T00:00:00.000Z",
        "dateUpdated": "2024-08-07T08:17:34.390Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }