CVE-2022-21800
Severity CVSS v4.0:
Pending analysis
Type:
CWE-326
Inadequate Encryption Strength
Publication date:
18/02/2022
Last modified:
24/07/2023
Description
MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 uses the MD5 algorithm to hash the passwords before storing them but does not salt the hash. As a result, attackers may be able to crack the hashed passwords.
Impact
Base Score 3.x
6.50
Severity 3.x
MEDIUM
Base Score 2.0
4.00
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:airspan:mimosa_management_platform:*:*:*:*:*:*:*:* | 1.0.3 (excluding) | |
| cpe:2.3:o:airspan:c6x_firmware:*:*:*:*:*:*:*:* | 2.8.6.1 (excluding) | |
| cpe:2.3:h:airspan:c6x:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:airspan:c5x_firmware:*:*:*:*:*:*:*:* | 2.8.6.1 (excluding) | |
| cpe:2.3:h:airspan:c5x:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:airspan:c5c_firmware:*:*:*:*:*:*:*:* | 2.8.6.1 (excluding) | |
| cpe:2.3:h:airspan:c5c:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:airspan:a5x_firmware:*:*:*:*:*:*:*:* | 2.5.4.1 (excluding) | |
| cpe:2.3:h:airspan:a5x:-:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page