## https://sploitus.com/exploit?id=SAINT:D886454326C18F00540D5310114E241E
Added: 09/27/2022
### Background
Airspan AirSpot 5410 is an advanced, LTE, CAT12, outdoor, multi-service product specifically designed to meet data needs for residential, business and enterprise users.
### Problem
A command injection vulnerability when `**diagnostics.cgi**` handles the `**pingDiagnostic**` command could allow a remote attacker to execute arbitrary commands.
### Resolution
It is unknown whether this will be fixed. Restrict access to the https service.
### References
<https://packetstormsecurity.com/files/168047/AirSpot-5410-0.3.4.1-4-Remote-Command-Injection.html>
### Limitations
Exploit works on Airspan AirSpot 5410 version 0.3.4.1-4 (Ubuntu).