CVE-2017-3216

Published: Jun 20, 2017Modified: May 13, 2026

9.8

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

WiMAX routers based on the MediaTek SDK (libmtk) that use a custom httpd plugin are vulnerable to an authentication bypass allowing a remote, unauthenticated attacker to gain administrator access to the device by performing an administrator password change on the device via a crafted POST request.

Affected (14)

Products: Greenpacket: Ox350 Firmware · Huawei: Bm2022 Firmware, Hes 309m Firmware, Hes 319m Firmware, Hes 319m2w Firmware, Hes 339m Firmware · Mada: Soho Wireless Router Firmware · +2 more

Show all products

Greenpacket: Ox350 Firmware · Huawei: Bm2022 Firmware, Hes 309m Firmware, Hes 319m Firmware, Hes 319m2w Firmware, Hes 339m Firmware · Mada: Soho Wireless Router Firmware · Zte: Ox 330p Firmware · Zyxel: Max218m Firmware, Max218m1w Firmware, Max218mw Firmware, Max308m Fimware, Max318m Firmware, Max338m Firmware

1 product

5 products

1 product

Soho Wireless Router Firmware

1 product

6 products

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Greenpacket Ox350 Firmware	All versions

Running on/with	Platform Versions
Greenpacket Ox350	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei Bm2022 Firmware	All versions

Running on/with	Platform Versions
Huawei Bm2022	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei Hes 309m Firmware	All versions

Running on/with	Platform Versions
Huawei Hes 309m	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei Hes 319m Firmware	All versions

Running on/with	Platform Versions
Huawei Hes 319m	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei Hes 319m2w Firmware	All versions

Running on/with	Platform Versions
Huawei Hes 319m2w	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei Hes 339m Firmware	All versions

Running on/with	Platform Versions
Huawei Hes 339m	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mada Soho Wireless Router Firmware	All versions

Running on/with	Platform Versions
Mada Soho Wireless Router	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zte Ox 330p Firmware	All versions

Running on/with	Platform Versions
Zte Ox 330p	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Max218m Firmware	All versions

Running on/with	Platform Versions
Zyxel Max218m	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Max218m1w Firmware	All versions

Running on/with	Platform Versions
Zyxel Max218m1w	All versions

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Max218mw Firmware	All versions

Running on/with	Platform Versions
Zyxel Max218mw	All versions

Configuration L

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Max308m Fimware	All versions

Running on/with	Platform Versions
Zyxel Max308m	All versions

Configuration M

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Max318m Firmware	All versions

Running on/with	Platform Versions
Zyxel Max318m	All versions

Configuration N

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zyxel Max338m Firmware	All versions

Running on/with	Platform Versions
Zyxel Max338m	All versions

Related CWEs

CWE-306

Missing Authentication for Critical Function

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

References (6)

http://blog.sec-consult.com/2017/06/ghosts-from-past-authentication-bypass.html

Source: cret@cert.org

Third Party Advisory

http://www.kb.cert.org/vuls/id/350135

Source: cret@cert.org

MitigationThird Party AdvisoryUS Government Resource

https://sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20170607-0_Various_WiMAX_CPEs_Authentication_Bypass_v10.txt

Source: cret@cert.org

ExploitThird Party Advisory

http://blog.sec-consult.com/2017/06/ghosts-from-past-authentication-bypass.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://www.kb.cert.org/vuls/id/350135

Source: af854a3a-2127-422b-91ae-364da2661108

MitigationThird Party AdvisoryUS Government Resource

https://sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20170607-0_Various_WiMAX_CPEs_Authentication_Bypass_v10.txt

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.