CVE-2022-36311

Airspan AirVelocity 1500 prior to software version 15.18.00.2511 is vulnerable to injection leading to XSS in the SNMP community field in the eNodeB's web management UI. This issue may affect other AirVelocity and AirSpeed models.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.1 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
facebookCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 66%
VendorProductVersion
airspanairvelocity_1500_firmware
𝑥
< 15.18.00.2511
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://helpdesk.airspan.com/browse/TRN3-1694
https://helpdesk.airspan.com/browse/TRN3-1694