Airspan Airvelocity 1500 Firmware — known CVE vulnerabilities
Every CVE whose affected-product data names Airspan Airvelocity 1500 Firmware, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (7)
CVE-2022-36308 — CVSS 9.1 (critical): Airspan AirVelocity 1500 web management UI displays SNMP credentials in plaintext on software versions older than 15.18.00.2511, and stores…
CVE-2022-36309 — CVSS 8.8 (high): Airspan AirVelocity 1500 software versions prior to 15.18.00.2511 have a root command injection vulnerability in the ActiveBank parameter…
CVE-2022-36310 — CVSS 8.8 (high): Airspan AirVelocity 1500 software prior to version 15.18.00.2511 had NET-SNMP-EXTEND-MIB enabled on its snmpd service, enabling an attacker…
CVE-2022-36312 — CVSS 8.8 (high): Airspan AirVelocity 1500 software version 15.18.00.2511 lacks CSRF protections in the eNodeB's web management UI. This issue may affect…
CVE-2022-36307 — CVSS 6.8 (medium): The AirVelocity 1500 prints SNMP credentials on its physically accessible serial port during boot. This was fixed in AirVelocity 1500…
CVE-2022-36306 — CVSS 6.5 (medium): An authenticated attacker can enumerate and download sensitive files, including the eNodeB's web management UI's TLS private key, the web…
CVE-2022-36311 — CVSS 6.1 (medium): Airspan AirVelocity 1500 prior to software version 15.18.00.2511 is vulnerable to injection leading to XSS in the SNMP community field in…