Vladionescu

**Name of the Vulnerable Software and Affected Versions** Eternal Terminal versions prior to 6.2.0 **Description** A privilege escalation to root exists due to the combination of a race condition, buffer overflow, and logic bug all in `PipeSocketHandler::listen()`. **Recommendations** For versions prior to 6.2.0, update to version 6.2.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the `PipeSocketHandler::listen()` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Eternal Terminal versions prior to 6.2.0 **Description** The issue involves several denial of service vulnerabilities. These include a denial of service that can be triggered remotely by an invalid sequence number and a local bug that can be triggered by sending invalid input directly to the IPC socket. **Recommendations** For versions prior to 6.2.0, update to version 6.2.0 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** AirVelocity 1500 versions 9.3.0.01249 through 15.18.00.2511 **Description** An authenticated attacker can enumerate and download sensitive files, including the eNodeB's web management UI's TLS private key, the web server binary, and the web server configuration file. **Recommendations** For AirVelocity 1500 versions 9.3.0.01249 through 15.18.00.2511, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** AirVelocity 1500 versions prior to 15.18.00.2511 Other AirVelocity and AirSpeed models (affected versions not specified) **Description** The issue concerns the printing of SNMP credentials on the physically accessible serial port during boot. This could potentially expose sensitive information. The estimated number of affected devices is not specified. There is no information about real-world incidents where this issue was exploited. **Recommendations** For AirVelocity 1500 versions prior to 15.18.00.2511, update to software version 15.18.00.2511 or later. For other AirVelocity and AirSpeed models, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Airspan AirVelocity 1500 versions prior to 15.18.00.2511 **Description** The web management UI of the affected software displays SNMP credentials in plaintext and stores SNMPv3 credentials unhashed on the filesystem. This allows anyone with web access to use these credentials to manipulate the eNodeB over SNMP. The issue may also affect other AirVelocity and AirSpeed models. **Recommendations** For versions prior to 15.18.00.2511, update to version 15.18.00.2511 or later to resolve the issue. As a temporary workaround, consider restricting web access to the management UI to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Airspan AirVelocity 1500 versions prior to 15.18.00.2511 **Description** The issue is related to a root command injection vulnerability in the `ActiveBank` parameter of the `recoverySubmit.cgi` script, which runs on the eNodeB's web management UI. This vulnerability may also affect other AirVelocity and AirSpeed models. **Recommendations** For versions prior to 15.18.00.2511, update to version 15.18.00.2511 or later to resolve the issue. As a temporary workaround, consider restricting access to the `recoverySubmit.cgi` script until a patch is available. Avoid using the `ActiveBank` parameter in the affected script until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Airspan AirVelocity 1500 software prior to version 15.18.00.2511 **Description** The issue allows an attacker with SNMP write abilities to execute commands as root on the eNodeB due to NET-SNMP-EXTEND-MIB being enabled on its snmpd service. This may also affect other AirVelocity and AirSpeed models. **Recommendations** For Airspan AirVelocity 1500 software prior to version 15.18.00.2511, update to version 15.18.00.2511 or later to resolve the issue. As a temporary workaround, consider disabling the NET-SNMP-EXTEND-MIB on the snmpd service to minimize the risk of exploitation.