CVE-2022-36267: Airspan AirSpot unauthenticated remote command injection flaw