CVE-2017-3216

Summary

CVE	CVE-2017-3216
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2017-06-20 00:29:00 UTC
Updated	2019-10-09 23:27:00 UTC
Description	WiMAX routers based on the MediaTek SDK (libmtk) that use a custom httpd plugin are vulnerable to an authentication bypass allowing a remote, unauthenticated attacker to gain administrator access to the device by performing an administrator password change on the device via a crafted POST request.

Risk And Classification

Problem Types: CWE-306

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Hardware	Greenpacket	Ox350	-	All	All	All
Hardware	Greenpacket	Ox350	-	All	All	All
Operating System	Greenpacket	Ox350 Firmware	-	All	All	All
Operating System	Greenpacket	Ox350 Firmware	-	All	All	All
Hardware	Huawei	Bm2022	-	All	All	All
Hardware	Huawei	Bm2022	-	All	All	All
Operating System	Huawei	Bm2022 Firmware	-	All	All	All
Operating System	Huawei	Bm2022 Firmware	-	All	All	All
Hardware	Huawei	Hes-309m	-	All	All	All
Hardware	Huawei	Hes-309m	-	All	All	All
Operating System	Huawei	Hes-309m Firmware	-	All	All	All
Operating System	Huawei	Hes-309m Firmware	-	All	All	All
Hardware	Huawei	Hes-319m	-	All	All	All
Hardware	Huawei	Hes-319m	-	All	All	All
Hardware	Huawei	Hes-319m2w	-	All	All	All
Hardware	Huawei	Hes-319m2w	-	All	All	All
Operating System	Huawei	Hes-319m2w Firmware	-	All	All	All
Operating System	Huawei	Hes-319m2w Firmware	-	All	All	All
Operating System	Huawei	Hes-319m Firmware	-	All	All	All
Operating System	Huawei	Hes-319m Firmware	-	All	All	All
Hardware	Huawei	Hes-339m	-	All	All	All
Hardware	Huawei	Hes-339m	-	All	All	All
Operating System	Huawei	Hes-339m Firmware	-	All	All	All
Operating System	Huawei	Hes-339m Firmware	-	All	All	All
Hardware	Mada	Soho Wireless Router	-	All	All	All
Hardware	Mada	Soho Wireless Router	-	All	All	All
Operating System	Mada	Soho Wireless Router Firmware	-	All	All	All
Operating System	Mada	Soho Wireless Router Firmware	-	All	All	All
Hardware	Zte	Ox-330p	-	All	All	All
Hardware	Zte	Ox-330p	-	All	All	All
Operating System	Zte	Ox-330p Firmware	-	All	All	All
Operating System	Zte	Ox-330p Firmware	-	All	All	All
Hardware	Zyxel	Max218m	-	All	All	All
Hardware	Zyxel	Max218m	-	All	All	All
Hardware	Zyxel	Max218m1w	-	All	All	All
Hardware	Zyxel	Max218m1w	-	All	All	All
Operating System	Zyxel	Max218m1w Firmware	-	All	All	All
Operating System	Zyxel	Max218m1w Firmware	-	All	All	All
Hardware	Zyxel	Max218mw	-	All	All	All
Hardware	Zyxel	Max218mw	-	All	All	All
Operating System	Zyxel	Max218mw Firmware	-	All	All	All
Operating System	Zyxel	Max218mw Firmware	-	All	All	All
Operating System	Zyxel	Max218m Firmware	-	All	All	All
Operating System	Zyxel	Max218m Firmware	-	All	All	All
Hardware	Zyxel	Max308m	-	All	All	All
Hardware	Zyxel	Max308m	-	All	All	All
Operating System	Zyxel	Max308m Fimware	-	All	All	All
Operating System	Zyxel	Max308m Fimware	-	All	All	All
Hardware	Zyxel	Max318m	-	All	All	All
Hardware	Zyxel	Max318m	-	All	All	All
Operating System	Zyxel	Max318m Firmware	-	All	All	All
Operating System	Zyxel	Max318m Firmware	-	All	All	All
Hardware	Zyxel	Max338m	-	All	All	All
Hardware	Zyxel	Max338m	-	All	All	All
Operating System	Zyxel	Max338m Firmware	-	All	All	All
Operating System	Zyxel	Max338m Firmware	-	All	All	All

References

Reference	Source	Link	Tags
404 - Page not found! - SEC Consult	MISC	blog.sec-consult.com	Third Party Advisory
Vulnerability Lab - SEC Consult	MISC	sec-consult.com	Exploit, Third Party Advisory
VU#350135 - Various WiMAX routers contain a authentication bypass vulnerability in custom libmtk httpd plugin	CERT-VN	www.kb.cert.org	Mitigation, Third Party Advisory, US Government Resource
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.