CVE-2022-36308

Airspan AirVelocity 1500 web management UI displays SNMP credentials in plaintext on software versions older than 15.18.00.2511, and stores SNMPv3 credentials unhashed on the filesystem, enabling anyone with web access to use these credentials to manipulate the eNodeB over SNMP. This issue may affect other AirVelocity and AirSpeed models.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:airspan:airvelocity_1500_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:airspan:airvelocity_1500:-:*:*:*:*:*:*:*

History

21 Nov 2024, 07:12

Type Values Removed Values Added
References () https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-qjgc-rx8m-q58x - Third Party Advisory () https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-qjgc-rx8m-q58x - Third Party Advisory
References () https://helpdesk.airspan.com/browse/TRN3-1692 - Permissions Required, Vendor Advisory () https://helpdesk.airspan.com/browse/TRN3-1692 - Permissions Required, Vendor Advisory

17 Aug 2022, 14:12

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 9.1
CPE cpe:2.3:h:airspan:airvelocity_1500:-:*:*:*:*:*:*:*
cpe:2.3:o:airspan:airvelocity_1500_firmware:*:*:*:*:*:*:*:*
CWE CWE-522
References (CONFIRM) https://helpdesk.airspan.com/browse/TRN3-1692 - (CONFIRM) https://helpdesk.airspan.com/browse/TRN3-1692 - Permissions Required, Vendor Advisory
References (MISC) https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-qjgc-rx8m-q58x - (MISC) https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-qjgc-rx8m-q58x - Third Party Advisory

16 Aug 2022, 01:15

Type Values Removed Values Added
New CVE

Information

Published : 2022-08-16 01:15

Updated : 2024-11-21 07:12


NVD link : CVE-2022-36308

Mitre link : CVE-2022-36308

CVE.ORG link : CVE-2022-36308


JSON object : View

Products Affected

airspan

  • airvelocity_1500
  • airvelocity_1500_firmware
CWE
CWE-256

Unprotected Storage of Credentials

CWE-522

Insufficiently Protected Credentials