WiMAX routers based on the MediaTek SDK (libmtk) that use a custom httpd plugin are vulnerable to an authentication bypass allowing a remote, unauthenticated attacker to gain administrator access to the device by performing an administrator password change on the device via a crafted POST request.
[
{
"product": "BM2022",
"vendor": "Huawei Technologies",
"versions": [
{
"status": "affected",
"version": "2.10.14"
}
]
},
{
"product": "HES-309M",
"vendor": "Huawei Technologies",
"versions": [
{
"status": "affected",
"version": "unknown"
}
]
},
{
"product": "HES-319M",
"vendor": "Huawei Technologies",
"versions": [
{
"status": "affected",
"version": "unknown"
}
]
},
{
"product": "HES-319M2W",
"vendor": "Huawei Technologies",
"versions": [
{
"status": "affected",
"version": "unknown"
}
]
},
{
"product": "HES-339M",
"vendor": "Huawei Technologies",
"versions": [
{
"status": "affected",
"version": "unknown"
}
]
},
{
"product": "OX350",
"vendor": "Green Packet",
"versions": [
{
"status": "affected",
"version": "unknown"
}
]
},
{
"product": "OX-330P",
"vendor": "ZTE",
"versions": [
{
"status": "affected",
"version": "unknown"
}
]
},
{
"product": "MAX218M",
"vendor": "ZyXEL",
"versions": [
{
"status": "affected",
"version": "2.00(UXG.0)D0"
}
]
},
{
"product": "MAX218M1W",
"vendor": "ZyXEL",
"versions": [
{
"status": "affected",
"version": "2.00(UXE.3)D0"
}
]
},
{
"product": "MAX218MW",
"vendor": "ZyXEL",
"versions": [
{
"status": "affected",
"version": "2.00(UXD.2)D0"
}
]
},
{
"product": "MAX308M",
"vendor": "ZyXEL",
"versions": [
{
"status": "affected",
"version": "2.00(UUA.3)D0"
}
]
},
{
"product": "MAX318M",
"vendor": "ZyXEL",
"versions": [
{
"status": "affected",
"version": "unknown"
}
]
},
{
"product": "MAX338M",
"vendor": "ZyXEL",
"versions": [
{
"status": "affected",
"version": "unknown"
}
]
},
{
"product": "Soho Wireless Router",
"vendor": "MADA",
"versions": [
{
"status": "affected",
"version": "2.10.13"
}
]
}
]