Airspan AirSpot pingDiagnostic command injection
Added: 09/27/2022

Background
Airspan AirSpot 5410 is an advanced, LTE, CAT12, outdoor, multi-service product specifically designed to meet data needs for residential, business and enterprise users.

Problem
A command injection vulnerability in the way diagnostics.cgi handles the pingDiagnostic command could allow a remote attacker to execute arbitrary commands.

Resolution
It is unknown whether this will be fixed. Restrict access to the HTTPS service.

References
https://packetstormsecurity.com/files/168047/AirSpot-5410-0.3.4.1-4-Remote-Command-Injection.html

Limitations
Exploit works on Airspan AirSpot 5410 version 0.3.4.1-4 (Ubuntu).