PT-2022-23303 · Airspan · Airspan Airvelocity 1500

Vladionescu · Published 2022-08-16 · Updated 2022-08-17 · CVE-2022-36308

CVSS v3.1: 9.1 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions

Airspan AirVelocity 1500 versions prior to 15.18.00.2511

Description

The web management UI of the affected software displays SNMP credentials in plaintext and stores SNMPv3 credentials unhashed on the filesystem. This allows anyone with web access to use these credentials to manipulate the eNodeB over SNMP. The issue may also affect other AirVelocity and AirSpeed models.

Recommendations

For versions prior to 15.18.00.2511, update to version 15.18.00.2511 or later to resolve the issue. As a temporary workaround, consider restricting web access to the management UI to minimize the risk of exploitation.

Fix

Weakness Enumeration

Insufficiently Protected Credentials

Related Identifiers

CVE-2022-36308
GHSA-QJGC-RX8M-Q58X

Affected Products

Airspan Airvelocity 1500