Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists a Unauthenticated remote command injection vulnerability. The ping functionality can be called without user authentication when crafting a malicious http request by injecting code in one of the parameters allowing for remote code execution. This vulnerability is exploited via the binary file /home/www/cgi-bin/diagnostics.cgi that accepts unauthenticated requests and unsanitized data. As a result, a malicious actor can craft a specific request and interact remotely with the device.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Airspan AirSpot 5410 安全漏洞
Vulnerability Description
Airspan AirSpot 5410是美国Airspan公司的一款先进的 LTE、CAT12、户外、多服务产品。 Airspan AirSpot 5410 0.3.4.1-4及以前版本存在安全漏洞,该漏洞源于二进制组件/home/www/cgi-bin/diagnostics.cgi可以接收未经身份验证的请求和未经消毒的数据导致未经身份验证的攻击者编写恶意http请求进行远程命令注入来调用ping功能。
CVSS Information
N/A
Vulnerability Type
N/A