CVE-2022-36308

CRITICAL Year: 2022
CVSS v3 Score
9.1
Critical
Weakness Type
CWE-256
View all →

Vulnerability Description

Airspan AirVelocity 1500 web management UI displays SNMP credentials in plaintext on software versions older than 15.18.00.2511, and stores SNMPv3 credentials unhashed on the filesystem, enabling anyone with web access to use these credentials to manipulate the eNodeB over SNMP. This issue may affect other AirVelocity and AirSpeed models.

Related Vulnerabilities

CVE-2022-43958

CRITICAL
CVSS:9.1(Critical)

A vulnerability has been identified in QMS Automotive (All versions < V12.39), QMS Automotive (All versions < V12.39). User credentials are stored in plaintext in the database without any hashing mech...

CWE-2562022

CVE-2024-6118

CRITICAL
CVSS:9.1(Critical)

A Plaintext Storage of a Password vulnerability in ebooknote function in Hamastar MeetingHub Paperless Meetings 2021 allows remote attackers to obtain the other users’ credentials and gain access to t...

CWE-2562024

CVE-2020-5315

HIGH
CVSS:8.8(High)

Dell EMC Repository Manager (DRM) version 3.2 contains a plain-text password storage vulnerability. Proxy server user password is stored in a plain text in a local database. A local authenticated mali...

CWE-2562020

CVE-2022-33928

HIGH
CVSS:8.8(High)

Dell Wyse Management Suite 3.6.1 and below contains an Plain-text Password Storage Vulnerability in UI. An attacker with low privileges could potentially exploit this vulnerability, leading to the dis...

CWE-2562022

CVE-2022-4308

HIGH
CVSS:8.8(High)

Plaintext Storage of a Password vulnerability in Secomea GateManager (USB wizard) allows Authentication abuse on SiteManager, if the generated file is leaked.

CWE-2562022

CVE-2023-41610

HIGH
CVSS:8.8(High)

Victure PC420 1.1.39 was discovered to contain a hardcoded root password which is stored in plaintext.

CWE-2562023