Vulnerability Details CVE-2017-3216
WiMAX routers based on the MediaTek SDK (libmtk) that use a custom httpd plugin are vulnerable to an authentication bypass allowing a remote, unauthenticated attacker to gain administrator access to the device by performing an administrator password change on the device via a crafted POST request.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.032
EPSS Ranking 86.5%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 10.0
References
- http://blog.sec-consult.com/2017/06/ghosts-from-past-authentication-bypass.html
- http://www.kb.cert.org/vuls/id/350135
- https://sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20170607-0_Various_WiMAX_CPEs_Authentication_Bypass_v10.txt
- http://blog.sec-consult.com/2017/06/ghosts-from-past-authentication-bypass.html
- http://www.kb.cert.org/vuls/id/350135
- https://sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20170607-0_Various_WiMAX_CPEs_Authentication_Bypass_v10.txt
Products affected by CVE-2017-3216
-
cpe:2.3:h:greenpacket:ox350:-
-
cpe:2.3:h:huawei:bm2022:-
-
cpe:2.3:h:huawei:hes-309m:-
-
cpe:2.3:h:huawei:hes-319m2w:-
-
cpe:2.3:h:huawei:hes-319m:-
-
cpe:2.3:h:huawei:hes-339m:-
-
cpe:2.3:h:mada:soho_wireless_router:-
-
cpe:2.3:h:zte:ox-330p:-
-
cpe:2.3:h:zyxel:max218m1w:-
-
cpe:2.3:h:zyxel:max218m:-
-
cpe:2.3:h:zyxel:max218mw:-
-
cpe:2.3:h:zyxel:max308m:-
-
cpe:2.3:h:zyxel:max318m:-
-
cpe:2.3:h:zyxel:max338m:-
-
cpe:2.3:o:greenpacket:ox350_firmware:-
-
cpe:2.3:o:huawei:bm2022_firmware:-
-
cpe:2.3:o:huawei:hes-309m_firmware:-
-
cpe:2.3:o:huawei:hes-319m2w_firmware:-
-
cpe:2.3:o:huawei:hes-319m_firmware:-
-
cpe:2.3:o:huawei:hes-339m_firmware:-
-
cpe:2.3:o:mada:soho_wireless_router_firmware:-
-
cpe:2.3:o:zte:ox-330p_firmware:-
-
cpe:2.3:o:zyxel:max218m1w_firmware:-
-
cpe:2.3:o:zyxel:max218m_firmware:-
-
cpe:2.3:o:zyxel:max218mw_firmware:-
-
cpe:2.3:o:zyxel:max308m_fimware:-
-
cpe:2.3:o:zyxel:max318m_firmware:-
-
cpe:2.3:o:zyxel:max338m_firmware:-