{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-27T23:37:33.736","vulnerabilities":[{"cve":{"id":"CVE-2022-36267","sourceIdentifier":"cve@mitre.org","published":"2022-08-08T15:15:09.083","lastModified":"2024-11-21T07:12:41.500","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists a Unauthenticated remote command injection vulnerability. The ping functionality can be called without user authentication when crafting a malicious http request by injecting code in one of the parameters allowing for remote code execution. This vulnerability is exploited via the binary file /home/www/cgi-bin/diagnostics.cgi that accepts unauthenticated requests and unsanitized data. As a result, a malicious actor can craft a specific request and interact remotely with the device."},{"lang":"es","value":"En Airspan AirSpot 5410 versiones 0.3.4.1-4 y anteriores, se presenta una vulnerabilidad de inyección de comandos remotos no autenticados. La funcionalidad de ping puede ser llamada sin autenticación del usuario cuando se diseña una petición http maliciosa al inyectar código en uno de los parámetros permitiendo una ejecución de código remoto. Esta vulnerabilidad es explotada por medio del archivo binario /home/www/cgi-bin/diagnostics.cgi que acepta peticiones no autenticadas y datos no saneados. Como resultado, un actor malicioso puede diseñar una petición específica e interactuar remotamente con el dispositivo"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-Other"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:airspan:airspot_5410_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"0.3.4.1-4","matchCriteriaId":"59C409B3-0CFA-48A0-BEF1-AB721401E8EE"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:airspan:airspot_5410:-:*:*:*:*:*:*:*","matchCriteriaId":"3AF8C2B0-0EB8-41B8-B2AB-1EFB0AFE71FB"}]}]}],"references":[{"url":"http://packetstormsecurity.com/files/168047/AirSpot-5410-0.3.4.1-4-Remote-Command-Injection.html","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory"]},{"url":"https://gist.github.com/Nwqda/e82b3155401b094372195fdaa9b54833","source":"cve@mitre.org","tags":["Exploit","Mitigation","Third Party Advisory"]},{"url":"https://wdi.rfwel.com/cdn/techdocs/AirSpot5410.pdf","source":"cve@mitre.org","tags":["Product","Third Party Advisory"]},{"url":"http://packetstormsecurity.com/files/168047/AirSpot-5410-0.3.4.1-4-Remote-Command-Injection.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]},{"url":"https://gist.github.com/Nwqda/e82b3155401b094372195fdaa9b54833","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Mitigation","Third Party Advisory"]},{"url":"https://wdi.rfwel.com/cdn/techdocs/AirSpot5410.pdf","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Product","Third Party Advisory"]}]}}]}