Vulnerability Description
The AirVelocity 1500 prints SNMP credentials on its physically accessible serial port during boot. This was fixed in AirVelocity 1500 software version 15.18.00.2511 and may affect other AirVelocity and AirSpeed models.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Airspan | Airvelocity 1500 Firmware | >= 9.3.0.01249, <= 15.18.00.2511 |
| Airspan | Airvelocity 1500 | - |
Related Weaknesses (CWE)
References
- https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-8j7Third Party Advisory
- https://helpdesk.airspan.com/browse/TRN3-1693Permissions RequiredVendor Advisory
- https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-8j7Third Party Advisory
- https://helpdesk.airspan.com/browse/TRN3-1693Permissions RequiredVendor Advisory
FAQ
What is CVE-2022-36307?
CVE-2022-36307 is a vulnerability with a CVSS score of 6.8 (MEDIUM). The AirVelocity 1500 prints SNMP credentials on its physically accessible serial port during boot. This was fixed in AirVelocity 1500 software version 15.18.00.2511 and may affect other AirVelocity an...
How severe is CVE-2022-36307?
CVE-2022-36307 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-36307?
Check the references section above for vendor advisories and patch information. Affected products include: Airspan Airvelocity 1500 Firmware, Airspan Airvelocity 1500.