PT-2022-23283 · Airspan · Airspan Airspot 5410

Published 2022-08-08 · Updated 2024-03-10 · CVE-2022-36265

CVSS v3.1: 7.2 High

Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Airspan AirSpot 5410 versions 0.3.4.1-4 and under

Description

A hidden system command web page exists in the device, allowing an authenticated user to execute Linux commands with root privileges. This page is not listed in the administration management interface and can be used by a malicious threat actor to fully compromise the device.

Recommendations

For Airspan AirSpot 5410 versions 0.3.4.1-4 and under, consider restricting access to the hidden system command web page until a patch is available. As a temporary workaround, limit the privileges of authenticated users to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Related Identifiers

CVE-2022-36265

Affected Products

Airspan Airspot 5410