CVE-2022-36310

Name of the Vulnerable Software and Affected Versions Airspan AirVelocity 1500 software prior to version 15.18.00.2511

Description The issue allows an attacker with SNMP write abilities to execute commands as root on the eNodeB due to NET-SNMP-EXTEND-MIB being enabled on its snmpd service. This may also affect other AirVelocity and AirSpeed models.

Recommendations For Airspan AirVelocity 1500 software prior to version 15.18.00.2511, update to version 15.18.00.2511 or later to resolve the issue. As a temporary workaround, consider disabling the NET-SNMP-EXTEND-MIB on the snmpd service to minimize the risk of exploitation.