Vulnerability Report

CVE-2008-1262

Title: Airspan Wimax Prost Auth Bypass

Auth Bypass

Proof Of Concept

PoC Available for CVE-2008-1262

CWE Category CWE-287

Published Date Mar 10, 2008

Modified Date Apr 09, 2025

Exploit Status Available

Score 10.0 CVSS v2.0

Exploit Probability (EPSS)

37.38%

Vulnerability Summary

CVE-2008-1262: The administration panel on the Airspan WiMax ProST 4.1 antenna with 6.5.38.0 software does not verify authentication credentials, which allows remote attackers to (1) upload malformed firmware or (2) bind the antenna to a different WiMAX base station via unspecified requests to forms under process_adv/.

Impacted Vendors

airspan 1

Reference Links

http://airspan4wimax.googlepages.com/ http://secunia.com/advisories/29265 http://www.0x000000.com/?i=524 http://www.gnucitizen.org/projects/router-hacking-challenge/ http://www.kb.cert.org/vuls/id/248372 http://www.securityfocus.com/archive/1/489009/100/0/threaded http://www.securityfocus.com/bid/28122 http://www.sharemethods.net/nepal/servlet/open?keeppath=false&aid=29820 http://www.vupen.com/english/advisories/2008/0802/references https://exchange.xforce.ibmcloud.com/vulnerabilities/41052 http://airspan4wimax.googlepages.com/ http://secunia.com/advisories/29265 http://www.0x000000.com/?i=524 http://www.gnucitizen.org/projects/router-hacking-challenge/ http://www.kb.cert.org/vuls/id/248372 http://www.securityfocus.com/archive/1/489009/100/0/threaded http://www.securityfocus.com/bid/28122 http://www.sharemethods.net/nepal/servlet/open?keeppath=false&aid=29820 http://www.vupen.com/english/advisories/2008/0802/references https://exchange.xforce.ibmcloud.com/vulnerabilities/41052

CVSS v2.0

Source Entity [email protected]

Severity HIGH

10.0

Access Vector

N/A

Authentication

N/A

RAW VECTOR AV:N/AC:L/Au:N/C:C/I:C/A:C

Associated Attack Patterns (CAPEC)

Total: Patterns

CVE-2008-1262 Exploits & PoCs (Proof Of Concept)

Exploit-DB https://www.exploit-db.com/exploits/31342

View Code

April 09, 2025 MODIFIED

Vulnerability data or affected products updated.

March 10, 2008 PUBLISHED

Vulnerability first announced in NVD.

Attack Vector Matrix

Access Vector N/A

Complexity N/A

Privileges N/A

Interaction NONE

CVSS Vector String


                                    AV:N/AC:L/Au:N/C:C/I:C/A:C

Affected Stack

No specific products linked.