CVE-2022-36267 PoC — Airspan AirSpot 5410 Security Vulnerability

Source
Associated Vulnerability
Title: Airspan AirSpot 5410 Security Vulnerability (CVE-2022-36267)
Description: In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists an unauthenticated remote command injection vulnerability. The ping functionality can be called without user authentication by crafting a malicious HTTP request that injects code into one of the parameters, allowing remote code execution. The vulnerability is exploited via the binary file /home/www/cgi-bin/diagnostics.cgi, which accepts unauthenticated requests and unsanitized data. As a result, a malicious actor can craft a specific request and interact remotely with the device.
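The root cause described above is request data reaching a ping command unsanitized. As an added defensive example (not code from the advisory, the PoC repository or the Airspan firmware), a diagnostics handler can accept only an IP literal or hostname and build an argument vector instead of a shell string; the function names are hypothetical.

```python
import ipaddress
import re

# One RFC 1123 hostname label: letters, digits, hyphens, no leading/trailing hyphen.
_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")


def validate_ping_target(value: str) -> str:
    """Return a normalized IP literal or the hostname; raise ValueError otherwise."""
    if not isinstance(value, str) or not 1 <= len(value) <= 253:
        raise ValueError("target missing or too long")
    # ipaddress accepts an arbitrary IPv6 scope id after '%', so refuse it outright.
    if "%" in value:
        raise ValueError("scoped addresses are not accepted")
    try:
        return str(ipaddress.ip_address(value))
    except ValueError:
        pass  # not an IP literal, fall through to the hostname check
    labels = value.rstrip(".").split(".")
    # fullmatch rejects whitespace, newlines, shell metacharacters and a leading
    # '-' that ping would otherwise parse as an option.
    if all(_LABEL.fullmatch(label) for label in labels):
        return value
    raise ValueError("target is not an IP address or hostname")


def build_ping_argv(target: str, count: int = 4) -> list[str]:
    """Build an argv list for subprocess.run(argv, shell=False); no shell parses it."""
    if not 1 <= count <= 10:
        raise ValueError("count out of range")
    return ["ping", "-c", str(count), validate_ping_target(target)]


if __name__ == "__main__":
    # Constructed sample inputs: two acceptable targets and three that must be refused.
    for sample in ["192.168.1.1", "example.com", "192.168.1.1;id", "-f", "a b"]:
        try:
            print(sample, "->", build_ping_argv(sample))
        except ValueError as exc:
            print(sample, "-> rejected:", exc)
```

Validation of this kind complements, and does not replace, requiring an authenticated session before the diagnostics endpoint is reachable.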
Description
PoC Script for CVE-2022-36267: Exploits an unauthenticated remote command injection vulnerability in Airspan AirSpot 5410 antenna.
Readme
# CVE-2022-36267 - Airspan AirSpot 5410 Unauthenticated Remote Command Injection.

## Overview
This repository contains a Proof of Concept (PoC) reverse shell script for exploiting CVE-2022-36267, a critical vulnerability in Airspan AirSpot 5410 devices. The script is a practical demonstration, complementing the in-depth analysis provided in the blog post "Airspan AirSpot 5410 - Vulnerability Report."

### Affected versions
All Airspan AirSpot 5410 devices running version 0.3.4.1-4 and under.

### PoC Script Usage

```python
# Usage: python AirSpot-5410.py --RHOST <Target-IP> --RPORT <Target-Port> --LHOST <Local-IP> --LPORT <Local-Port>
# Example: python AirSpot-5410.py --RHOST 192.168.1.1 --RPORT 443 --LHOST 192.168.1.100 --LPORT 4444
```

### Video Proof of Concept

![Script PoC CVE-2022-36267](https://neroteam.com/blog/pages/airspan-airspot-5410-vulnerability-report/airspan-1.jpg?m=1673082966)

[![Airspan AirSpot 5410 Unauthenticated Remote Command Injection](https://i.ibb.co/7gXHL9q/500px-youtube-social-play.png)](https://www.youtube.com/embed/kb1F6cxhCQg)

### Note
FOR EDUCATIONAL PURPOSE ONLY.