CVE-2017-3216
N/A
N/A
Summary
WiMAX routers based on the MediaTek SDK (libmtk) that use a custom httpd plugin are vulnerable to an authentication bypass allowing a remote, unauthenticated attacker to gain administrator access to the device by performing an administrator password change on the device via a crafted POST request.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Huawei Technologies | BM2022 | 2.10.14 | affected |
| Huawei Technologies | HES-309M | unknown | affected |
| Huawei Technologies | HES-319M | unknown | affected |
| Huawei Technologies | HES-319M2W | unknown | affected |
| Huawei Technologies | HES-339M | unknown | affected |
| Green Packet | OX350 | unknown | affected |
| ZTE | OX-330P | unknown | affected |
| ZyXEL | MAX218M | 2.00(UXG.0)D0 | affected |
| ZyXEL | MAX218M1W | 2.00(UXE.3)D0 | affected |
| ZyXEL | MAX218MW | 2.00(UXD.2)D0 | affected |
| ZyXEL | MAX308M | 2.00(UUA.3)D0 | affected |
| ZyXEL | MAX318M | unknown | affected |
| ZyXEL | MAX338M | unknown | affected |
| MADA | Soho Wireless Router | 2.10.13 | affected |
Weaknesses
- CWE-306: CWE-306
ADP Enrichment
CVE Program Container
Additional References
- http://blog.sec-consult.com/2017/06/ghosts-from-past-authentication-bypass.html
- https://sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20170607-0_Various_WiMAX_CPEs_Authentication_Bypass_v10.txt
- http://www.kb.cert.org/vuls/id/350135
References
- http://blog.sec-consult.com/2017/06/ghosts-from-past-authentication-bypass.html
- https://sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20170607-0_Various_WiMAX_CPEs_Authentication_Bypass_v10.txt
- http://www.kb.cert.org/vuls/id/350135
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.