CVE-2017-3216

Summary

WiMAX routers based on the MediaTek SDK (libmtk) that use a custom httpd plugin are vulnerable to an authentication bypass allowing a remote, unauthenticated attacker to gain administrator access to the device by performing an administrator password change on the device via a crafted POST request.

Affected Software

VendorProductVersion RangeStatus
Huawei TechnologiesBM20222.10.14affected
Huawei TechnologiesHES-309Munknownaffected
Huawei TechnologiesHES-319Munknownaffected
Huawei TechnologiesHES-319M2Wunknownaffected
Huawei TechnologiesHES-339Munknownaffected
Green PacketOX350unknownaffected
ZTEOX-330Punknownaffected
ZyXELMAX218M2.00(UXG.0)D0affected
ZyXELMAX218M1W2.00(UXE.3)D0affected
ZyXELMAX218MW2.00(UXD.2)D0affected
ZyXELMAX308M2.00(UUA.3)D0affected
ZyXELMAX318Munknownaffected
ZyXELMAX338Munknownaffected
MADASoho Wireless Router2.10.13affected

Weaknesses

  • CWE-306: CWE-306

ADP Enrichment

CVE Program Container

Additional References

References