CVE-2022-36307

The AirVelocity 1500 prints SNMP credentials on its physically accessible serial port during boot. This was fixed in AirVelocity 1500 software version 15.18.00.2511 and may affect other AirVelocity and AirSpeed models.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:airspan:airvelocity_1500_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:airspan:airvelocity_1500:-:*:*:*:*:*:*:*

History

21 Nov 2024, 07:12

Type Values Removed Values Added
References () https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-8j75-qh6c-wpc5 - Third Party Advisory () https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-8j75-qh6c-wpc5 - Third Party Advisory
References () https://helpdesk.airspan.com/browse/TRN3-1693 - Permissions Required, Vendor Advisory () https://helpdesk.airspan.com/browse/TRN3-1693 - Permissions Required, Vendor Advisory

17 Aug 2022, 14:11

Type Values Removed Values Added
CPE cpe:2.3:h:airspan:airvelocity_1500:-:*:*:*:*:*:*:*
cpe:2.3:o:airspan:airvelocity_1500_firmware:*:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 6.8
CWE CWE-522
References (CONFIRM) https://helpdesk.airspan.com/browse/TRN3-1693 - (CONFIRM) https://helpdesk.airspan.com/browse/TRN3-1693 - Permissions Required, Vendor Advisory
References (MISC) https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-8j75-qh6c-wpc5 - (MISC) https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-8j75-qh6c-wpc5 - Third Party Advisory

16 Aug 2022, 01:15

Type Values Removed Values Added
New CVE

Information

Published : 2022-08-16 01:15

Updated : 2024-11-21 07:12


NVD link : CVE-2022-36307

Mitre link : CVE-2022-36307

CVE.ORG link : CVE-2022-36307


JSON object : View

Products Affected

airspan

  • airvelocity_1500
  • airvelocity_1500_firmware
CWE
CWE-522

Insufficiently Protected Credentials