Airspan AirVelocity 1500 prior to software version 15.18.00.2511 is vulnerable to injection leading to XSS in the SNMP community field in the eNodeB's web management UI. This issue may affect other AirVelocity and AirSpeed models.
References
Link | Resource |
---|---|
https://helpdesk.airspan.com/browse/TRN3-1694 | Permissions Required Vendor Advisory |
https://helpdesk.airspan.com/browse/TRN3-1694 | Permissions Required Vendor Advisory |
Configurations
Configuration 1 (hide)
AND |
|
History
21 Nov 2024, 07:12
Type | Values Removed | Values Added |
---|---|---|
References | () https://helpdesk.airspan.com/browse/TRN3-1694 - Permissions Required, Vendor Advisory |
17 Aug 2022, 14:29
Type | Values Removed | Values Added |
---|---|---|
References | (CONFIRM) https://helpdesk.airspan.com/browse/TRN3-1694 - Permissions Required, Vendor Advisory | |
CWE | CWE-79 | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.1 |
CPE | cpe:2.3:h:airspan:airvelocity_1500:-:*:*:*:*:*:*:* cpe:2.3:o:airspan:airvelocity_1500_firmware:*:*:*:*:*:*:*:* |
16 Aug 2022, 01:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-08-16 01:15
Updated : 2024-11-21 07:12
NVD link : CVE-2022-36311
Mitre link : CVE-2022-36311
CVE.ORG link : CVE-2022-36311
JSON object : View
Products Affected
airspan
- airvelocity_1500
- airvelocity_1500_firmware
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')