CVE-2022-21800— Airspan Networks Mimosa Use of a Broken or Risky Cryptographic Algorithm
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2022-21800
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Airspan Networks Mimosa Use of a Broken or Risky Cryptographic Algorithm
Source: NVD (National Vulnerability Database)
Vulnerability Description
MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 uses the MD5 algorithm to hash the passwords before storing them but does not salt the hash. As a result, attackers may be able to crack the hashed passwords.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
使用已被攻破或存在风险的密码学算法
Source: NVD (National Vulnerability Database)
Vulnerability Title
Airspan Networks Mmp 加密问题漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Airspan Networks Mmp是美国Airspan Networks公司的一个用于 Mimosa 固定无线设备的高级独立网络管理软件平台。 Airspan Networks Mmp 存在加密问题漏洞,该漏洞源于受影响的产品在存储密码之前使用MD5算法对密码进行哈希处理,但不会进行加盐哈希处理。经过远程认证的攻击者可利用该漏洞可以破解经过哈希处理的密码。该漏洞允许远程用户危害目标系统。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Airspan Networks | MMP | unspecified ~ v1.0.3 | - | |
| Airspan Networks | PTP C-series | unspecified ~ v2.8.6.1 | - | |
| Airspan Networks | PTMP C-series and A5x | unspecified ~ v2.5.4.1 | - |
II. Public POCs for CVE-2022-21800
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2022-21800
请登录查看更多情报信息。
- https://www.cisa.gov/uscert/ics/advisories/icsa-22-034-02x_refsource_MISC
- https://nvd.nist.gov/vuln/detail/CVE-2022-21800
Same Patch Batch · Airspan Networks · 2022-02-18 · 7 CVEs total
| CVE-2022-21141 | 10.0 CRITICAL | Airspan Networks Mimosa Incorrect Authorization |
| CVE-2022-21196 | 10.0 CRITICAL | Airspan Networks Mimosa Improper Authorization |
| CVE-2022-21215 | 10.0 CRITICAL | Airspan Networks Mimosa Server-Side Request Forgery (SSRF) |
| CVE-2022-21176 | 8.6 HIGH | Airspan Networks Mimosa SQL Injection |
| CVE-2022-0138 | 7.5 HIGH | Airspan Networks Mimosa Deserialization of Untrusted Data |
| CVE-2022-21143 | 7.5 HIGH | Airspan Networks Mimosa OS Command Injection |
IV. Related Vulnerabilities
Same product: MMP
- CVE-2022-21141
Airspan Networks Mimosa Incorrect Authorization - CVE-2022-21176
Airspan Networks Mimosa SQL Injection - CVE-2022-21143
Airspan Networks Mimosa OS Command Injection - CVE-2022-0138
Airspan Networks Mimosa Deserialization of Untrusted Data - CVE-2022-21196
Airspan Networks Mimosa Improper Authorization
Same vendor: Airspan Networks
- CVE-2022-21141
Airspan Networks Mimosa Incorrect Authorization - CVE-2022-21176
Airspan Networks Mimosa SQL Injection - CVE-2022-21143
Airspan Networks Mimosa OS Command Injection - CVE-2022-0138
Airspan Networks Mimosa Deserialization of Untrusted Data - CVE-2022-21196
Airspan Networks Mimosa Improper Authorization
Same weakness: CWE-327
- CVE-2026-6411
MAXHUB Pivot Client Application Use of a Broken or Risky Cry - CVE-2026-44405
Paramiko 加密问题漏洞 - CVE-2026-32959
Silex SD-330AC和Silex AMC Manager 安全漏洞 - CVE-2026-5588
PKIX draft CompositeVerifier accepts empty signature sequenc - CVE-2025-14813
GOSTCTR implementation unable to process more than 255 block
V. Comments for CVE-2022-21800
No comments yet