CVE-2017-3216

2017-06-2000:00:00

CWE-306

certcc

www.cve.org

9.9 High

AI Score

Confidence

High

0.008 Low

EPSS

Percentile

81.1%

JSON

WiMAX routers based on the MediaTek SDK (libmtk) that use a custom httpd plugin are vulnerable to an authentication bypass allowing a remote, unauthenticated attacker to gain administrator access to the device by performing an administrator password change on the device via a crafted POST request.

CNA Affected

[
  {
    "product": "BM2022",
    "vendor": "Huawei Technologies",
    "versions": [
      {
        "status": "affected",
        "version": "2.10.14"
      }
    ]
  },
  {
    "product": "HES-309M",
    "vendor": "Huawei Technologies",
    "versions": [
      {
        "status": "affected",
        "version": "unknown"
      }
    ]
  },
  {
    "product": "HES-319M",
    "vendor": "Huawei Technologies",
    "versions": [
      {
        "status": "affected",
        "version": "unknown"
      }
    ]
  },
  {
    "product": "HES-319M2W",
    "vendor": "Huawei Technologies",
    "versions": [
      {
        "status": "affected",
        "version": "unknown"
      }
    ]
  },
  {
    "product": "HES-339M",
    "vendor": "Huawei Technologies",
    "versions": [
      {
        "status": "affected",
        "version": "unknown"
      }
    ]
  },
  {
    "product": "OX350",
    "vendor": "Green Packet",
    "versions": [
      {
        "status": "affected",
        "version": "unknown"
      }
    ]
  },
  {
    "product": "OX-330P",
    "vendor": "ZTE",
    "versions": [
      {
        "status": "affected",
        "version": "unknown"
      }
    ]
  },
  {
    "product": "MAX218M",
    "vendor": "ZyXEL",
    "versions": [
      {
        "status": "affected",
        "version": "2.00(UXG.0)D0"
      }
    ]
  },
  {
    "product": "MAX218M1W",
    "vendor": "ZyXEL",
    "versions": [
      {
        "status": "affected",
        "version": "2.00(UXE.3)D0"
      }
    ]
  },
  {
    "product": "MAX218MW",
    "vendor": "ZyXEL",
    "versions": [
      {
        "status": "affected",
        "version": "2.00(UXD.2)D0"
      }
    ]
  },
  {
    "product": "MAX308M",
    "vendor": "ZyXEL",
    "versions": [
      {
        "status": "affected",
        "version": "2.00(UUA.3)D0"
      }
    ]
  },
  {
    "product": "MAX318M",
    "vendor": "ZyXEL",
    "versions": [
      {
        "status": "affected",
        "version": "unknown"
      }
    ]
  },
  {
    "product": "MAX338M",
    "vendor": "ZyXEL",
    "versions": [
      {
        "status": "affected",
        "version": "unknown"
      }
    ]
  },
  {
    "product": "Soho Wireless Router",
    "vendor": "MADA",
    "versions": [
      {
        "status": "affected",
        "version": "2.10.13"
      }
    ]
  }
]