CWE
306
Advisory Published
Updated

CVE-2017-3216

First published: Tue Jun 20 2017(Updated: )

WiMAX routers based on the MediaTek SDK (libmtk) that use a custom httpd plugin are vulnerable to an authentication bypass allowing a remote, unauthenticated attacker to gain administrator access to the device by performing an administrator password change on the device via a crafted POST request.

Credit: cret@cert.org

Affected SoftwareAffected VersionHow to fix
Greenpacket Ox350 Firmware
Greenpacket Ox350
Huawei Bm2022 Firmware
Huawei Bm2022
Huawei Hes-309m Firmware
Huawei Hes-309m
Huawei Hes-319m Firmware
Huawei Hes-319m
Huawei Hes-319m2w Firmware
Huawei Hes-319m2w
Huawei Hes-339m Firmware
Huawei Hes-339m
Mada Soho Wireless Router Firmware
Mada Soho Wireless Router
Zte Ox-330p Firmware
ZTE OX-330P
Zyxel Max218m Firmware
Zyxel Max218m
Zyxel Max218m1w Firmware
Zyxel Max218m1w
Zyxel Max218mw Firmware
Zyxel Max218mw
Zyxel Max308m Fimware
Zyxel Max308m
Zyxel Max318m Firmware
Zyxel Max318m
Zyxel Max338m Firmware
Zyxel Max338m

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203