CVE-2017-3216
First published: Tue Jun 20 2017(Updated: )
WiMAX routers based on the MediaTek SDK (libmtk) that use a custom httpd plugin are vulnerable to an authentication bypass allowing a remote, unauthenticated attacker to gain administrator access to the device by performing an administrator password change on the device via a crafted POST request.
Credit: cret@cert.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Greenpacket Ox350 Firmware | ||
| Greenpacket Ox350 Firmware | ||
| Huawei Bm2022 | ||
| Huawei Bm2022 Firmware | ||
| Huawei Hes-309m | ||
| Huawei Hes-309m Firmware | ||
| Huawei Hes-319m2w Firmware | ||
| Huawei Hes-319m | ||
| Hes-319M2W | ||
| Hes-319M2W | ||
| Huawei Hes-339m | ||
| Huawei Hes-339m Firmware | ||
| Mada Soho Wireless Router Firmware | ||
| Lenovo ThinkPad Stack Wireless Router firmware | ||
| ZTE OX-330P Firmware | ||
| ZTE OX-330P Firmware | ||
| Zyxel Max218m1w Firmware | ||
| Zyxel Max218m1w Firmware | ||
| Zyxel Max218m1w | ||
| Zyxel Max218m1w Firmware | ||
| Zyxel Max218m1w Firmware | ||
| Zyxel Max218MW Firmware | ||
| Zyxel Max308m Firmware | ||
| Zyxel Max308m Firmware | ||
| Zyxel Max318m Firmware | ||
| Zyxel Max318m Firmware | ||
| Zyxel Max338m | ||
| Zyxel Max338m Firmware |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2017-3216?
CVE-2017-3216 is classified as a high severity vulnerability due to the potential for a remote attacker to gain administrative access without authentication.
How does CVE-2017-3216 exploit authentication bypass?
CVE-2017-3216 allows an attacker to bypass authentication by changing the administrator password through a crafted POST request.
What devices are affected by CVE-2017-3216?
CVE-2017-3216 affects several WiMAX routers based on the MediaTek SDK including specific models from manufacturers like Greenpacket, Huawei, Mada, ZTE, and Zyxel.
How can CVE-2017-3216 be mitigated?
To mitigate CVE-2017-3216, ensure that your device firmware is updated to the latest version provided by the manufacturer to address this vulnerability.
Is CVE-2017-3216 a common vulnerability in WiMAX routers?
Yes, CVE-2017-3216 is a notable example of an authentication bypass vulnerability that has been identified in multiple WiMAX router models.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/references
- agent/severity
- agent/weakness
- agent/last-modified-date
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/greenpacket
- canonical/greenpacket ox350 firmware
- vendor/huawei
- canonical/huawei bm2022
- canonical/huawei bm2022 firmware
- canonical/huawei hes-309m
- canonical/huawei hes-309m firmware
- canonical/huawei hes-319m2w firmware
- canonical/huawei hes-319m
- canonical/hes-319m2w
- canonical/huawei hes-339m
- canonical/huawei hes-339m firmware
- vendor/mada
- canonical/mada soho wireless router firmware
- canonical/lenovo thinkpad stack wireless router firmware
- vendor/zte
- canonical/zte ox-330p firmware
- vendor/zyxel
- canonical/zyxel max218m1w firmware
- canonical/zyxel max218m1w
- canonical/zyxel max218mw firmware
- canonical/zyxel max308m firmware
- canonical/zyxel max318m firmware
- canonical/zyxel max338m
- canonical/zyxel max338m firmware