PT-2022-23304 · Airspan · Airspan AirVelocity 1500

Vladionescu · Published 2022-08-16 · Updated 2022-08-17 · CVE-2022-36309

CVSS v3.1: 8.8
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions:

Airspan AirVelocity 1500 versions prior to 15.18.00.2511

Description:

The `ActiveBank` parameter of the `recoverySubmit.cgi` script, which runs on the eNodeB's web management UI, is vulnerable to command injection, with the injected commands running as root. This vulnerability may also affect other AirVelocity and AirSpeed models.

Recommendations:

For versions prior to 15.18.00.2511, update to version 15.18.00.2511 or later to resolve the issue.

As a temporary workaround, consider restricting access to the `recoverySubmit.cgi` script until a patch is available.

Avoid using the `ActiveBank` parameter in the affected script until the issue is resolved.

Exploit

Fix

OS Command Injection

Weakness Enumeration

Related Identifiers: CVE-2022-36309

Affected Products: Airspan AirVelocity 1500