CVE-2022-36264

Name of the Vulnerable Software and Affected Versions Airspan AirSpot 5410 version 0.3.4.1-4 and under

Description The issue allows for unauthenticated remote arbitrary file upload, enabling the overwriting of arbitrary files. A malicious actor can upload a file of their choice and overwrite any system file by manipulating the filename and appending a relative path that will be interpreted during the upload process. This method makes it possible to rewrite any system file or upload a new file.

Recommendations For Airspan AirSpot 5410 version 0.3.4.1-4 and under, consider restricting access to the file upload functionality until a patch is available. As a temporary workaround, avoid using the file upload feature to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.