Recent Vulnerabilities Research Posts Trends Blog About Contact

Published: 20/06/2017 Updated: 09/10/2019

CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 890

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

WiMAX routers based on the MediaTek SDK (libmtk) that use a custom httpd plugin are vulnerable to an authentication bypass allowing a remote, unauthenticated malicious user to gain administrator access to the device by performing an administrator password change on the device via a crafted POST request.

Vulnerable Product	Search on Vulmon	Subscribe to Product
greenpacket ox350_firmware -
huawei bm2022_firmware -
huawei hes-309m_firmware -
huawei hes-319m_firmware -
huawei hes-319m2w_firmware -
huawei hes-339m_firmware -
mada soho_wireless_router_firmware -
zte ox-330p_firmware -
zyxel max218m_firmware -
zyxel max218m1w_firmware -
zyxel max218mw_firmware -
zyxel max308m_fimware -
zyxel max318m_firmware -
zyxel max338m_firmware -

CWE-306 https://sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20170607-0_Various_WiMAX_CPEs_Authentication_Bypass_v10.txt http://www.kb.cert.org/vuls/id/350135 http://blog.sec-consult.com/2017/06/ghosts-from-past-authentication-bypass.html https://nvd.nist.gov https://www.kb.cert.org/vuls/id/350135

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2017-3216

Vulnerability Summary

References

Vulmon Search

About

Products

Connect