CVE-2022-36309 - AskarLabs CVE Database

CVE-2022-36309

Vendor Airspan

Product AirVelocity

Weakness CWE-78

Published August 16, 2022

Last update August 3, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

Airspan AirVelocity 1500 software versions prior to 15.18.00.2511 have a root command injection vulnerability in the ActiveBank parameter of the recoverySubmit.cgi script running on the eNodeB's web management UI. This issue may affect other AirVelocity and AirSpeed models.

Key dates

02Disclosure timeline

August 16, 2022 CVE published

August 3, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-36309 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/78.html

Related vulnerabilities

04Related CVE

CVE-2023-20015 Cisco Firepower 4100 Series, Firepower 9300 Security Appliances, and UCS Fabric Interconnects Command Injection Vulnerability CVE-2023-28805 ZCC on Linux privilege escalation CVE-2020-29499 CVE-2025-15061 Framelink Figma MCP Server fetchWithRetry Command Injection Remote Code Execution Vulnerability CVE-2020-37002 Ajenti 2.1.36 Authenticated Remote Code Execution