CVE-2022-36308
Summary
| CVE | CVE-2022-36308 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2022-08-16 01:15:00 UTC |
| Updated | 2022-08-17 14:12:00 UTC |
| Description | Airspan AirVelocity 1500 web management UI displays SNMP credentials in plaintext on software versions older than 15.18.00.2511, and stores SNMPv3 credentials unhashed on the filesystem, enabling anyone with web access to use these credentials to manipulate the eNodeB over SNMP. This issue may affect other AirVelocity and AirSpeed models. |
Risk And Classification
Problem Types: CWE-522
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Hardware | Airspan | Airvelocity 1500 | - | All | All | All |
| Operating System | Airspan | Airvelocity 1500 Firmware | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Airspan SNMPv3 credentials stored and displayed in plaintext · Advisory · metaredteam/external-disclosures · GitHub | MISC | github.com | |
| Log in - Airspan JIRA | CONFIRM | helpdesk.airspan.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.