CVE-2022-36309
Published: 16 August 2022
Summary
CVE-2022-36309 is a high-severity OS Command Injection (CWE-78) vulnerability in Airspan Airvelocity 1500 Firmware. Its CVSS base score is 8.8 (High).
Operationally, ranked in the top 4.7% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
Deeper analysis
Airspan AirVelocity 1500 devices running software versions prior to 15.18.00.2511 contain a command injection vulnerability tracked as CVE-2022-36309. The flaw exists in the ActiveBank parameter of the recoverySubmit.cgi script exposed by the eNodeB web management interface and is classified under CWE-78. The same issue may affect additional AirVelocity and AirSpeed models. A CVSS 3.1 base score of 8.8 reflects network attack vector, low attack complexity, and low privileges required.
An authenticated user with access to the web UI can supply a malicious ActiveBank value that results in arbitrary command execution as root. Successful exploitation grants full control over the affected eNodeB, enabling confidentiality, integrity, and availability impacts on the radio access network element.
Vendor advisories direct customers to upgrade to version 15.18.00.2511; the corresponding Airspan and GitHub security notices are published at the referenced URLs. The associated EPSS score reached a peak of 0.2223 but shows no material post-disclosure climb that would indicate emerging exploitation interest.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2022-39026
Vulnerability details
Airspan AirVelocity 1500 software versions prior to 15.18.00.2511 have a root command injection vulnerability in the ActiveBank parameter of the recoverySubmit.cgi script running on the eNodeB's web management UI. This issue may affect other AirVelocity and AirSpeed models.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.