CVE-2022-36312

2022-08-1600:34:33

CWE-352

facebook

www.cve.org

airspan

csrf

airvelocity

enodeb

web management

airspeed

8.9 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

32.3%

JSON

Airspan AirVelocity 1500 software version 15.18.00.2511 lacks CSRF protections in the eNodeB’s web management UI. This issue may affect other AirVelocity and AirSpeed models.

CNA Affected

[
  {
    "product": "AirVelocity",
    "vendor": "Airspan",
    "versions": [
      {
        "lessThanOrEqual": "15",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

helpdesk.airspan.com/browse/TRN3-1695