## https://sploitus.com/exploit?id=SAINT:7F9D87232396055F991994289C5F0423
Added: 09/27/2022
### Background
Airspan AirSpot 5410 is an advanced, LTE, CAT12, outdoor, multi-service product specifically designed to meet data needs for residential, business and enterprise users.
### Problem
A command injection vulnerability when `**diagnostics.cgi**` handles the `**pingDiagnostic**` command could allow a remote attacker to execute arbitrary commands.
### Resolution
It is unknown whether this will be fixed. Restrict access to the https service.
### References
<https://packetstormsecurity.com/files/168047/AirSpot-5410-0.3.4.1-4-Remote-Command-Injection.html>
### Limitations
Exploit works on Airspan AirSpot 5410 version 0.3.4.1-4 (Ubuntu).