CVE-2022-36267

{"id": "CVE-2022-36267", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2022-08-08T15:15:09.083", "references": [{"url": "http://packetstormsecurity.com/files/168047/AirSpot-5410-0.3.4.1-4-Remote-Command-Injection.html", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://gist.github.com/Nwqda/e82b3155401b094372195fdaa9b54833", "tags": ["Exploit", "Mitigation", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://wdi.rfwel.com/cdn/techdocs/AirSpot5410.pdf", "tags": ["Product", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists a Unauthenticated remote command injection vulnerability. The ping functionality can be called without user authentication when crafting a malicious http request by injecting code in one of the parameters allowing for remote code execution. This vulnerability is exploited via the binary file /home/www/cgi-bin/diagnostics.cgi that accepts unauthenticated requests and unsanitized data. As a result, a malicious actor can craft a specific request and interact remotely with the device."}, {"lang": "es", "value": "En Airspan AirSpot 5410 versiones 0.3.4.1-4 y anteriores, se presenta una vulnerabilidad de inyecci\u00f3n de comandos remotos no autenticados. La funcionalidad de ping puede ser llamada sin autenticaci\u00f3n del usuario cuando se dise\u00f1a una petici\u00f3n http maliciosa al inyectar c\u00f3digo en uno de los par\u00e1metros permitiendo una ejecuci\u00f3n de c\u00f3digo remoto. Esta vulnerabilidad es explotada por medio del archivo binario /home/www/cgi-bin/diagnostics.cgi que acepta peticiones no autenticadas y datos no saneados. Como resultado, un actor malicioso puede dise\u00f1ar una petici\u00f3n espec\u00edfica e interactuar remotamente con el dispositivo"}], "lastModified": "2023-08-08T14:21:49.707", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:airspan:airspot_5410_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "59C409B3-0CFA-48A0-BEF1-AB721401E8EE", "versionEndIncluding": "0.3.4.1-4"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:airspan:airspot_5410:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "3AF8C2B0-0EB8-41B8-B2AB-1EFB0AFE71FB"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}