CVE-2022-36267 — AI Deep Analysis Summary

🚨 **Essence**: Unauthenticated Remote Command Injection (RCE) in Airspan AirSpot 5410. 📉 **Consequences**: Attackers can execute arbitrary system commands (like `ping`) via the `diagnostics.cgi` binary.…

🛡️ **Root Cause**: Lack of input validation & sanitization. The `/home/www/cgi-bin/diagnostics.cgi` component accepts unauthenticated requests and processes unsanitized data, allowing command injection payloads.

📦 **Affected**: Airspan AirSpot 5410 devices. 📅 **Versions**: Firmware version **0.3.4.1-4** and all earlier versions. Newer versions may be safe.

💀 **Attacker Capabilities**: Full Remote Code Execution (RCE). 🗝️ **Privileges**: No authentication required. 📊 **Data**: Can access internal network info, potentially pivot to other devices, or install malware.

⚡ **Threshold**: **EXTREMELY LOW**. 🚫 **Auth**: None needed. 🌐 **Access**: Remote exploitation possible via HTTP requests to the CGI endpoint. No physical access or credentials required.

🔓 **Public Exploit**: **YES**. A Python PoC script is available on GitHub (`0xNslabs/CVE-2022-36267-PoC`). It provides a reverse shell, making exploitation trivial for anyone.

🔍 **Self-Check**: Scan for open HTTP ports on Airspan devices. Test if `/home/www/cgi-bin/diagnostics.cgi` is accessible without auth. Use the provided PoC script against target IPs to verify vulnerability.

🩹 **Fix**: Upgrade firmware to a version **newer than 0.3.4.1-4**. Check Airspan's official support channels for the latest secure patch. No specific patch date is listed, but version update is key.

🚧 **Workaround**: If patching isn't possible, **block external access** to port 80/443 on the device. Restrict network access to the `diagnostics.cgi` endpoint via firewall rules. Isolate the device.

🔥 **Urgency**: **CRITICAL**. 🚨 **Priority**: Immediate action required. Low exploitation barrier + public PoC = high risk of automated attacks. Patch or isolate immediately.