Francis Lacoste-Cordeau

**Name of the Vulnerable Software and Affected Versions** Airspan WiMax ProST version 4.1 with software 6.5.38.0 **Description** The administration panel of the affected device does not verify authentication credentials. This allows remote attackers to upload malformed firmware or bind the antenna to a different WiMAX base station via requests to forms under "process adv/". **Recommendations** For Airspan WiMax ProST version 4.1 with software 6.5.38.0, consider restricting access to the administration panel and the "process adv/" endpoint to minimize the risk of exploitation. Avoid using the administration panel until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.