cvedb.io
CVE-2022-36309
HIGH · CVSS 8.8
EPSS exploitation probability: 0%
Published 2022-08-16T01:15:13.707 · Last modified 2026-06-17T04:53:12.190

Summary

Airspan AirVelocity 1500 software versions prior to 15.18.00.2511 have a root command injection vulnerability in the ActiveBank parameter of the recoverySubmit.cgi script running on the eNodeB's web management UI. This issue may affect other AirVelocity and AirSpeed models.

Affected products

airspan — airvelocity_1500_firmware

Does this affect you?

Add your gear to cvedb and we'll alert you only when airspan ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.