Vulnerability Note VU#248372
AirSpan WiMAX ProST web management interface authentication bypass vulnerability
The AirSpan WiMAX ProST contains an authentication bypass vulnerability that could allow an unauthenticated, remote attacker to make arbitrary configuration changes.
The AirSpan WiMAX ProST is customer premise equipment that provides WiMAX wireless networking. The web management interface of the Airspan WiMax ProST does not properly authenticate HTTP POST requests.
By sending HTTP POST requests to a vulnerable ProST device, a remote, unauthenticated attacker may be able to make arbitrary configuration changes. The attacker could potentially disable the device by uploading an invalid firmware image.
From AirSpan WiMAX product bulletin PB/ASM/2008/016 Rev A:
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Airspan||Affected||27 Dec 2007||13 Mar 2008|
|Wind River Systems, Inc.||Unknown||12 Mar 2008||12 Mar 2008|
CVSS Metrics (Learn More)
Thanks to Arthur Lashin for reporting this vulnerability and Francis Lacoste-Cordeau for information that was used in this report..
This document was written by Ryan Giobbi.
- CVE IDs: CVE-2008-1262
- Date Public: 06 Mar 2008
- Date First Published: 06 Mar 2008
- Date Last Updated: 10 Apr 2008
- Severity Metric: 6.48
- Document Revision: 31
If you have feedback, comments, or additional information about this vulnerability, please send us email.