cvedb.io
CVE-2022-36308
CRITICAL · CVSS 9.1
EPSS exploitation probability: 0%
Published 2022-08-16T01:15:13.480 · Last modified 2026-06-17T04:53:12.083

Summary

Airspan AirVelocity 1500 web management UI displays SNMP credentials in plaintext on software versions older than 15.18.00.2511, and stores SNMPv3 credentials unhashed on the filesystem, enabling anyone with web access to use these credentials to manipulate the eNodeB over SNMP. This issue may affect other AirVelocity and AirSpeed models.

Affected products

airspan — airvelocity_1500_firmware

Does this affect you?

Add your gear to cvedb and we'll alert you only when airspan ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.