Vulnerability Description
In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists an Unauthenticated remote Arbitrary File Upload vulnerability which allows overwriting arbitrary files. A malicious actor can remotely upload a file of their choice and overwrite any file in the system by manipulating the filename and append a relative path that will be interpreted during the upload process. Using this method, it is possible to rewrite any file in the system or upload a new file.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Airspan | Airspot 5410 Firmware | <= 0.3.4.1-4 |
| Airspan | Airspot 5410 | - |
Related Weaknesses (CWE)
References
- https://gist.github.com/Nwqda/e82b3155401b094372195fdaa9b54833ExploitMitigationThird Party Advisory
- https://wdi.rfwel.com/cdn/techdocs/AirSpot5410.pdfProductThird Party Advisory
- https://gist.github.com/Nwqda/e82b3155401b094372195fdaa9b54833ExploitMitigationThird Party Advisory
- https://wdi.rfwel.com/cdn/techdocs/AirSpot5410.pdfProductThird Party Advisory
FAQ
What is CVE-2022-36264?
CVE-2022-36264 is a vulnerability with a CVSS score of 9.1 (CRITICAL). In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists an Unauthenticated remote Arbitrary File Upload vulnerability which allows overwriting arbitrary files. A malicious actor can remotely ...
How severe is CVE-2022-36264?
CVE-2022-36264 has been rated CRITICAL with a CVSS base score of 9.1/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2022-36264?
Check the references section above for vendor advisories and patch information. Affected products include: Airspan Airspot 5410 Firmware, Airspan Airspot 5410.