Cyber Resilience

CVE-2022-36309

HighPublic PoCRCE

Published: 16 August 2022

Published
16 August 2022
Modified
21 November 2024
KEV Added
Patch
CVSS Score v3.1 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.1773 95.3th percentile
Risk Priority 28 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2022-36309 is a high-severity OS Command Injection (CWE-78) vulnerability in Airspan Airvelocity 1500 Firmware. Its CVSS base score is 8.8 (High).

Operationally, ranked in the top 4.7% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

Deeper analysis

Airspan AirVelocity 1500 devices running software versions prior to 15.18.00.2511 contain a command injection vulnerability tracked as CVE-2022-36309. The flaw exists in the ActiveBank parameter of the recoverySubmit.cgi script exposed by the eNodeB web management interface and is classified under CWE-78. The same issue may affect additional AirVelocity and AirSpeed models. A CVSS 3.1 base score of 8.8 reflects network attack vector, low attack complexity, and low privileges required.

An authenticated user with access to the web UI can supply a malicious ActiveBank value that results in arbitrary command execution as root. Successful exploitation grants full control over the affected eNodeB, enabling confidentiality, integrity, and availability impacts on the radio access network element.

Vendor advisories direct customers to upgrade to version 15.18.00.2511; the corresponding Airspan and GitHub security notices are published at the referenced URLs. The associated EPSS score reached a peak of 0.2223 but shows no material post-disclosure climb that would indicate emerging exploitation interest.

EU & UK References

Vulnerability details

Airspan AirVelocity 1500 software versions prior to 15.18.00.2511 have a root command injection vulnerability in the ActiveBank parameter of the recoverySubmit.cgi script running on the eNodeB's web management UI. This issue may affect other AirVelocity and AirSpeed models.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

airspan
airvelocity 1500 firmware
9.3.0.01249 — 15.18.00.2511

Mitigating Controls

Likely Mitigating Controls AI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-78

Platform-independent apps typically execute inside a managed runtime or sandbox that restricts direct OS command execution, reducing the ability to exploit OS command injection.

addresses: CWE-78

Validates inputs to block special elements that would alter OS command execution.

References