Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
3 vulnerabilities found for Soho Wireless Router by MADA
VAR-201706-0448
Vulnerability from variot - Updated: 2023-12-18 13:14WiMAX routers based on the MediaTek SDK (libmtk) that use a custom httpd plugin are vulnerable to an authentication bypass allowing a remote, unauthenticated attacker to gain administrator access to the device by performing an administrator password change on the device via a crafted POST request. libmtk For httpd Multiple using plug-ins WiMAX The router contains an authentication bypass vulnerability. In particular commit2.cgi Against ADMIN_PASSWD A parameter was set POST You can change the administrator password by sending a request. According to the reporter, some of the surveyed products are initially enabled for remote management. In this case, there is a possibility of being attacked from the Internet side. MediaTek According to the company, the vulnerable file MediaTek SDK It is not included in itself, SDK It is speculated that it was provided by the developer who developed the firmware using. Details of the reporter blog See article. As a result, you may gain administrative privileges on the device. WiMAX (Worldwide Interoperability for Microwave Access) is a communication technology based on the IEEE-802.16 standard and can be used as an alternative to wired broadband services. The following products and versions are affected: ZyXEL MAX338M; ZyXEL MAX318M; ZyXEL MAX308M Version 2.00(UUA.3)D0; ZyXEL MAX218MW Version 2.00(UXD.2)D0; ZyXEL MAX218M1W Version 2.00(UXE.3)D0; ZyXEL MAX218M Version 2.00( UXG.0)D0 version; ZTE OX-330P; Mada Soho Wireless Router 2.10.13; Huawei HES-339M; Huawei HES-319M2W; Huawei HES-319M; Huawei HES-309M; Huawei BM2022 version 2.10.14; Green Packet OX-350
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201706-0448",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "max218m1w",
"scope": "eq",
"trust": 1.6,
"vendor": "zyxel",
"version": null
},
{
"model": "max218mw",
"scope": "eq",
"trust": 1.6,
"vendor": "zyxel",
"version": null
},
{
"model": "max338m",
"scope": "eq",
"trust": 1.6,
"vendor": "zyxel",
"version": null
},
{
"model": "max218m",
"scope": "eq",
"trust": 1.6,
"vendor": "zyxel",
"version": null
},
{
"model": "max308m fimware",
"scope": "eq",
"trust": 1.6,
"vendor": "zyxel",
"version": null
},
{
"model": "max318m",
"scope": "eq",
"trust": 1.6,
"vendor": "zyxel",
"version": null
},
{
"model": "ox350",
"scope": "eq",
"trust": 1.0,
"vendor": "greenpacket",
"version": null
},
{
"model": "ox-330p",
"scope": "eq",
"trust": 1.0,
"vendor": "zte",
"version": null
},
{
"model": "hes-319m",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": null
},
{
"model": "hes-339m",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": null
},
{
"model": "bm2022",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": null
},
{
"model": "hes-309m",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": null
},
{
"model": "hes-319m2w",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": null
},
{
"model": "soho wireless router",
"scope": "eq",
"trust": 1.0,
"vendor": "mada",
"version": null
},
{
"model": "soho wireless router",
"scope": "eq",
"trust": 0.9,
"vendor": "mada",
"version": "2.10.13"
},
{
"model": "ox-350",
"scope": "eq",
"trust": 0.9,
"vendor": "greenpacket",
"version": "0"
},
{
"model": "ox350",
"scope": "eq",
"trust": 0.9,
"vendor": "greenpacket",
"version": "0"
},
{
"model": "bm2022",
"scope": "eq",
"trust": 0.9,
"vendor": "huawei",
"version": "2.10.14"
},
{
"model": "hes-309m",
"scope": "eq",
"trust": 0.9,
"vendor": "huawei",
"version": "0"
},
{
"model": "hes-319m",
"scope": "eq",
"trust": 0.9,
"vendor": "huawei",
"version": "0"
},
{
"model": "hes-319m2w",
"scope": "eq",
"trust": 0.9,
"vendor": "huawei",
"version": "0"
},
{
"model": "hes-339m",
"scope": "eq",
"trust": 0.9,
"vendor": "huawei",
"version": "0"
},
{
"model": "ox-330p",
"scope": "eq",
"trust": 0.9,
"vendor": "zte",
"version": "0"
},
{
"model": "max218m 2.00 d0",
"scope": null,
"trust": 0.9,
"vendor": "zyxel",
"version": null
},
{
"model": "max218m1w 2.00 d0",
"scope": null,
"trust": 0.9,
"vendor": "zyxel",
"version": null
},
{
"model": "max218mw 2.00 d0",
"scope": null,
"trust": 0.9,
"vendor": "zyxel",
"version": null
},
{
"model": "max308m 2.00 d0",
"scope": null,
"trust": 0.9,
"vendor": "zyxel",
"version": null
},
{
"model": "max318m",
"scope": "eq",
"trust": 0.9,
"vendor": "zyxel",
"version": "0"
},
{
"model": "max338m",
"scope": "eq",
"trust": 0.9,
"vendor": "zyxel",
"version": "0"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "huawei",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "zte",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "ox-350",
"scope": null,
"trust": 0.8,
"vendor": "green packet",
"version": null
},
{
"model": "ox350",
"scope": null,
"trust": 0.8,
"vendor": "green packet",
"version": null
},
{
"model": "bm2022",
"scope": "eq",
"trust": 0.8,
"vendor": "huawei",
"version": "(version: v2.10.14)"
},
{
"model": "hes-309m",
"scope": null,
"trust": 0.8,
"vendor": "huawei",
"version": null
},
{
"model": "hes-319m",
"scope": null,
"trust": 0.8,
"vendor": "huawei",
"version": null
},
{
"model": "hes-319m2w",
"scope": null,
"trust": 0.8,
"vendor": "huawei",
"version": null
},
{
"model": "hes-339m",
"scope": null,
"trust": 0.8,
"vendor": "huawei",
"version": null
},
{
"model": "soho wireless router",
"scope": "eq",
"trust": 0.8,
"vendor": "mada",
"version": "(version: v2.10.13)"
},
{
"model": "ox-330p",
"scope": null,
"trust": 0.8,
"vendor": "zte",
"version": null
},
{
"model": "max218m",
"scope": "eq",
"trust": 0.8,
"vendor": "zyxel",
"version": "(version: 2.00(uxg.0)d0)"
},
{
"model": "max218m1w",
"scope": "eq",
"trust": 0.8,
"vendor": "zyxel",
"version": "(version: 2.00(uxe.3)d0)"
},
{
"model": "max218mw",
"scope": "eq",
"trust": 0.8,
"vendor": "zyxel",
"version": "(version: 2.00(uxd.2)d0)"
},
{
"model": "max308m",
"scope": "eq",
"trust": 0.8,
"vendor": "zyxel",
"version": "(version: 2.00(uua.3)d0)"
},
{
"model": "max318m",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "max338m",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#350135"
},
{
"db": "CNVD",
"id": "CNVD-2017-14427"
},
{
"db": "BID",
"id": "99078"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003883"
},
{
"db": "NVD",
"id": "CVE-2017-3216"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-793"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:greenpacket:ox350_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:greenpacket:ox350:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:huawei:bm2022_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:huawei:bm2022:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:huawei:hes-309m_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:huawei:hes-309m:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:huawei:hes-319m_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:huawei:hes-319m:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:huawei:hes-319m2w_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:huawei:hes-319m2w:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:huawei:hes-339m_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:huawei:hes-339m:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:mada:soho_wireless_router_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:mada:soho_wireless_router:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:zte:ox-330p_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:zte:ox-330p:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:zyxel:max218m_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:zyxel:max218m:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:zyxel:max218m1w_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:zyxel:max218m1w:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:zyxel:max218mw_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:zyxel:max218mw:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:zyxel:max308m_fimware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:zyxel:max308m:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:zyxel:max318m_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:zyxel:max318m:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:zyxel:max338m_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:zyxel:max338m:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-3216"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Stefan Viehb\u00f6ck, SEC Consult Vulnerability Lab",
"sources": [
{
"db": "BID",
"id": "99078"
}
],
"trust": 0.3
},
"cve": "CVE-2017-3216",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"availabilityRequirement": "NOT DEFINED",
"baseScore": 10.0,
"collateralDamagePotential": "NOT DEFINED",
"confidentialityImpact": "COMPLETE",
"confidentialityRequirement": "NOT DEFINED",
"enviromentalScore": 6.7,
"exploitability": "PROOF-OF-CONCEPT",
"exploitabilityScore": 10.0,
"id": "CVE-2017-3216",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"integrityRequirement": "NOT DEFINED",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"remediationLevel": "UNAVAILABLE",
"reportConfidence": "CONFIRMED",
"severity": "HIGH",
"targetDistribution": "MEDIUM",
"trust": 0.8,
"userInterationRequired": null,
"vector_string": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "JVNDB-2017-003883",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-14427",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-111419",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULMON",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2017-3216",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "HIGH",
"trust": 0.1,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2017-003883",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-3216",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2017-3216",
"trust": 0.8,
"value": "HIGH"
},
{
"author": "IPA",
"id": "JVNDB-2017-003883",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2017-14427",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201706-793",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-111419",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2017-3216",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#350135"
},
{
"db": "CNVD",
"id": "CNVD-2017-14427"
},
{
"db": "VULHUB",
"id": "VHN-111419"
},
{
"db": "VULMON",
"id": "CVE-2017-3216"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003883"
},
{
"db": "NVD",
"id": "CVE-2017-3216"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-793"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "WiMAX routers based on the MediaTek SDK (libmtk) that use a custom httpd plugin are vulnerable to an authentication bypass allowing a remote, unauthenticated attacker to gain administrator access to the device by performing an administrator password change on the device via a crafted POST request. libmtk For httpd Multiple using plug-ins WiMAX The router contains an authentication bypass vulnerability. In particular commit2.cgi Against ADMIN_PASSWD A parameter was set POST You can change the administrator password by sending a request. According to the reporter, some of the surveyed products are initially enabled for remote management. In this case, there is a possibility of being attacked from the Internet side. MediaTek According to the company, the vulnerable file MediaTek SDK It is not included in itself, SDK It is speculated that it was provided by the developer who developed the firmware using. Details of the reporter blog See article. As a result, you may gain administrative privileges on the device. WiMAX (Worldwide Interoperability for Microwave Access) is a communication technology based on the IEEE-802.16 standard and can be used as an alternative to wired broadband services. The following products and versions are affected: ZyXEL MAX338M; ZyXEL MAX318M; ZyXEL MAX308M Version 2.00(UUA.3)D0; ZyXEL MAX218MW Version 2.00(UXD.2)D0; ZyXEL MAX218M1W Version 2.00(UXE.3)D0; ZyXEL MAX218M Version 2.00( UXG.0)D0 version; ZTE OX-330P; Mada Soho Wireless Router 2.10.13; Huawei HES-339M; Huawei HES-319M2W; Huawei HES-319M; Huawei HES-309M; Huawei BM2022 version 2.10.14; Green Packet OX-350",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-3216"
},
{
"db": "CERT/CC",
"id": "VU#350135"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003883"
},
{
"db": "CNVD",
"id": "CNVD-2017-14427"
},
{
"db": "BID",
"id": "99078"
},
{
"db": "VULHUB",
"id": "VHN-111419"
},
{
"db": "VULMON",
"id": "CVE-2017-3216"
}
],
"trust": 3.33
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-3216",
"trust": 4.3
},
{
"db": "CERT/CC",
"id": "VU#350135",
"trust": 3.7
},
{
"db": "BID",
"id": "99078",
"trust": 1.1
},
{
"db": "JVN",
"id": "JVNVU92606107",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003883",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201706-793",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2017-14427",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-111419",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2017-3216",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#350135"
},
{
"db": "CNVD",
"id": "CNVD-2017-14427"
},
{
"db": "VULHUB",
"id": "VHN-111419"
},
{
"db": "VULMON",
"id": "CVE-2017-3216"
},
{
"db": "BID",
"id": "99078"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003883"
},
{
"db": "NVD",
"id": "CVE-2017-3216"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-793"
}
]
},
"id": "VAR-201706-0448",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-14427"
},
{
"db": "VULHUB",
"id": "VHN-111419"
}
],
"trust": 1.358968255333333
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-14427"
}
]
},
"last_update_date": "2023-12-18T13:14:15.752000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Threatpost",
"trust": 0.1,
"url": "https://threatpost.com/authentication-bypass-potential-backdoors-plague-old-wimax-routers/126135/"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2017-3216"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-306",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-111419"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003883"
},
{
"db": "NVD",
"id": "CVE-2017-3216"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.4,
"url": "https://sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20170607-0_various_wimax_cpes_authentication_bypass_v10.txt"
},
{
"trust": 3.4,
"url": "http://blog.sec-consult.com/2017/06/ghosts-from-past-authentication-bypass.html"
},
{
"trust": 3.0,
"url": "http://www.kb.cert.org/vuls/id/350135"
},
{
"trust": 0.9,
"url": "http://cwe.mitre.org/data/definitions/306.html"
},
{
"trust": 0.8,
"url": "http://www.huawei.com/en/psirt/security-notices/huawei-sn-20170608-01-wimax-en"
},
{
"trust": 0.8,
"url": "http://www.zyxel.com/support/announcement_vulnerability_cve_2017_3216.shtml"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-3216"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu92606107/index.html"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-3216"
},
{
"trust": 0.7,
"url": "http://www.securityfocus.com/bid/99078"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#350135"
},
{
"db": "CNVD",
"id": "CNVD-2017-14427"
},
{
"db": "VULHUB",
"id": "VHN-111419"
},
{
"db": "VULMON",
"id": "CVE-2017-3216"
},
{
"db": "BID",
"id": "99078"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003883"
},
{
"db": "NVD",
"id": "CVE-2017-3216"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-793"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#350135"
},
{
"db": "CNVD",
"id": "CNVD-2017-14427"
},
{
"db": "VULHUB",
"id": "VHN-111419"
},
{
"db": "VULMON",
"id": "CVE-2017-3216"
},
{
"db": "BID",
"id": "99078"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003883"
},
{
"db": "NVD",
"id": "CVE-2017-3216"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-793"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-06-07T00:00:00",
"db": "CERT/CC",
"id": "VU#350135"
},
{
"date": "2017-07-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-14427"
},
{
"date": "2017-06-20T00:00:00",
"db": "VULHUB",
"id": "VHN-111419"
},
{
"date": "2017-06-20T00:00:00",
"db": "VULMON",
"id": "CVE-2017-3216"
},
{
"date": "2017-06-07T00:00:00",
"db": "BID",
"id": "99078"
},
{
"date": "2017-06-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-003883"
},
{
"date": "2017-06-20T00:29:00.267000",
"db": "NVD",
"id": "CVE-2017-3216"
},
{
"date": "2017-06-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201706-793"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-07-24T00:00:00",
"db": "CERT/CC",
"id": "VU#350135"
},
{
"date": "2017-07-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-14427"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-111419"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULMON",
"id": "CVE-2017-3216"
},
{
"date": "2017-06-07T00:00:00",
"db": "BID",
"id": "99078"
},
{
"date": "2018-02-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-003883"
},
{
"date": "2019-10-09T23:27:24.010000",
"db": "NVD",
"id": "CVE-2017-3216"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201706-793"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201706-793"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Various WiMAX routers contain a authentication bypass vulnerability in custom libmtk httpd plugin",
"sources": [
{
"db": "CERT/CC",
"id": "VU#350135"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "access control error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201706-793"
}
],
"trust": 0.6
}
}
CVE-2017-3216 (GCVE-0-2017-3216)
Vulnerability from nvd – Published: 2017-06-20 00:00 – Updated: 2024-08-05 14:16
VLAI
Summary
WiMAX routers based on the MediaTek SDK (libmtk) that use a custom httpd plugin are vulnerable to an authentication bypass allowing a remote, unauthenticated attacker to gain administrator access to the device by performing an administrator password change on the device via a crafted POST request.
Severity
No CVSS data available.
CWE
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://blog.sec-consult.com/2017/06/ghosts-from-p… | x_refsource_MISC |
| https://sec-consult.com/fxdata/seccons/prod/temed… | x_refsource_MISC |
| http://www.kb.cert.org/vuls/id/350135 | third-party-advisoryx_refsource_CERT-VN |
Impacted products
14 products
| Vendor | Product | Version | |
|---|---|---|---|
| Huawei Technologies | BM2022 |
Affected:
2.10.14
|
|
| Huawei Technologies | HES-309M |
Affected:
unknown
|
|
| Huawei Technologies | HES-319M |
Affected:
unknown
|
|
| Huawei Technologies | HES-319M2W |
Affected:
unknown
|
|
| Huawei Technologies | HES-339M |
Affected:
unknown
|
|
| Green Packet | OX350 |
Affected:
unknown
|
|
| ZTE | OX-330P |
Affected:
unknown
|
|
| ZyXEL | MAX218M |
Affected:
2.00(UXG.0)D0
|
|
| ZyXEL | MAX218M1W |
Affected:
2.00(UXE.3)D0
|
|
| ZyXEL | MAX218MW |
Affected:
2.00(UXD.2)D0
|
|
| ZyXEL | MAX308M |
Affected:
2.00(UUA.3)D0
|
|
| ZyXEL | MAX318M |
Affected:
unknown
|
|
| ZyXEL | MAX338M |
Affected:
unknown
|
|
| MADA | Soho Wireless Router |
Affected:
2.10.13
|
Date Public
2017-06-07 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:16:28.271Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://blog.sec-consult.com/2017/06/ghosts-from-past-authentication-bypass.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20170607-0_Various_WiMAX_CPEs_Authentication_Bypass_v10.txt"
},
{
"name": "VU#350135",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/350135"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "BM2022",
"vendor": "Huawei Technologies",
"versions": [
{
"status": "affected",
"version": "2.10.14"
}
]
},
{
"product": "HES-309M",
"vendor": "Huawei Technologies",
"versions": [
{
"status": "affected",
"version": "unknown"
}
]
},
{
"product": "HES-319M",
"vendor": "Huawei Technologies",
"versions": [
{
"status": "affected",
"version": "unknown"
}
]
},
{
"product": "HES-319M2W",
"vendor": "Huawei Technologies",
"versions": [
{
"status": "affected",
"version": "unknown"
}
]
},
{
"product": "HES-339M",
"vendor": "Huawei Technologies",
"versions": [
{
"status": "affected",
"version": "unknown"
}
]
},
{
"product": "OX350",
"vendor": "Green Packet",
"versions": [
{
"status": "affected",
"version": "unknown"
}
]
},
{
"product": "OX-330P",
"vendor": "ZTE",
"versions": [
{
"status": "affected",
"version": "unknown"
}
]
},
{
"product": "MAX218M",
"vendor": "ZyXEL",
"versions": [
{
"status": "affected",
"version": "2.00(UXG.0)D0"
}
]
},
{
"product": "MAX218M1W",
"vendor": "ZyXEL",
"versions": [
{
"status": "affected",
"version": "2.00(UXE.3)D0"
}
]
},
{
"product": "MAX218MW",
"vendor": "ZyXEL",
"versions": [
{
"status": "affected",
"version": "2.00(UXD.2)D0"
}
]
},
{
"product": "MAX308M",
"vendor": "ZyXEL",
"versions": [
{
"status": "affected",
"version": "2.00(UUA.3)D0"
}
]
},
{
"product": "MAX318M",
"vendor": "ZyXEL",
"versions": [
{
"status": "affected",
"version": "unknown"
}
]
},
{
"product": "MAX338M",
"vendor": "ZyXEL",
"versions": [
{
"status": "affected",
"version": "unknown"
}
]
},
{
"product": "Soho Wireless Router",
"vendor": "MADA",
"versions": [
{
"status": "affected",
"version": "2.10.13"
}
]
}
],
"datePublic": "2017-06-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "WiMAX routers based on the MediaTek SDK (libmtk) that use a custom httpd plugin are vulnerable to an authentication bypass allowing a remote, unauthenticated attacker to gain administrator access to the device by performing an administrator password change on the device via a crafted POST request."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-19T23:57:01.000Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://blog.sec-consult.com/2017/06/ghosts-from-past-authentication-bypass.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20170607-0_Various_WiMAX_CPEs_Authentication_Bypass_v10.txt"
},
{
"name": "VU#350135",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/350135"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2017-3216",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BM2022",
"version": {
"version_data": [
{
"version_value": "2.10.14"
}
]
}
},
{
"product_name": "HES-309M",
"version": {
"version_data": [
{
"version_value": "unknown"
}
]
}
},
{
"product_name": "HES-319M",
"version": {
"version_data": [
{
"version_value": "unknown"
}
]
}
},
{
"product_name": "HES-319M2W",
"version": {
"version_data": [
{
"version_value": "unknown"
}
]
}
},
{
"product_name": "HES-339M",
"version": {
"version_data": [
{
"version_value": "unknown"
}
]
}
}
]
},
"vendor_name": "Huawei Technologies"
},
{
"product": {
"product_data": [
{
"product_name": "OX350",
"version": {
"version_data": [
{
"version_value": "unknown"
}
]
}
}
]
},
"vendor_name": "Green Packet"
},
{
"product": {
"product_data": [
{
"product_name": "OX-330P",
"version": {
"version_data": [
{
"version_value": "unknown"
}
]
}
}
]
},
"vendor_name": "ZTE"
},
{
"product": {
"product_data": [
{
"product_name": "MAX218M",
"version": {
"version_data": [
{
"version_value": "2.00(UXG.0)D0"
}
]
}
},
{
"product_name": "MAX218M1W",
"version": {
"version_data": [
{
"version_value": "2.00(UXE.3)D0"
}
]
}
},
{
"product_name": "MAX218MW",
"version": {
"version_data": [
{
"version_value": "2.00(UXD.2)D0"
}
]
}
},
{
"product_name": "MAX308M",
"version": {
"version_data": [
{
"version_value": "2.00(UUA.3)D0"
}
]
}
},
{
"product_name": "MAX318M",
"version": {
"version_data": [
{
"version_value": "unknown"
}
]
}
},
{
"product_name": "MAX338M",
"version": {
"version_data": [
{
"version_value": "unknown"
}
]
}
}
]
},
"vendor_name": "ZyXEL"
},
{
"product": {
"product_data": [
{
"product_name": "Soho Wireless Router",
"version": {
"version_data": [
{
"version_value": "2.10.13"
}
]
}
}
]
},
"vendor_name": "MADA"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WiMAX routers based on the MediaTek SDK (libmtk) that use a custom httpd plugin are vulnerable to an authentication bypass allowing a remote, unauthenticated attacker to gain administrator access to the device by performing an administrator password change on the device via a crafted POST request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-306"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://blog.sec-consult.com/2017/06/ghosts-from-past-authentication-bypass.html",
"refsource": "MISC",
"url": "http://blog.sec-consult.com/2017/06/ghosts-from-past-authentication-bypass.html"
},
{
"name": "https://sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20170607-0_Various_WiMAX_CPEs_Authentication_Bypass_v10.txt",
"refsource": "MISC",
"url": "https://sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20170607-0_Various_WiMAX_CPEs_Authentication_Bypass_v10.txt"
},
{
"name": "VU#350135",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/350135"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2017-3216",
"datePublished": "2017-06-20T00:00:00.000Z",
"dateReserved": "2016-12-05T00:00:00.000Z",
"dateUpdated": "2024-08-05T14:16:28.271Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-3216 (GCVE-0-2017-3216)
Vulnerability from cvelistv5 – Published: 2017-06-20 00:00 – Updated: 2024-08-05 14:16
VLAI
Summary
WiMAX routers based on the MediaTek SDK (libmtk) that use a custom httpd plugin are vulnerable to an authentication bypass allowing a remote, unauthenticated attacker to gain administrator access to the device by performing an administrator password change on the device via a crafted POST request.
Severity
No CVSS data available.
CWE
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://blog.sec-consult.com/2017/06/ghosts-from-p… | x_refsource_MISC |
| https://sec-consult.com/fxdata/seccons/prod/temed… | x_refsource_MISC |
| http://www.kb.cert.org/vuls/id/350135 | third-party-advisoryx_refsource_CERT-VN |
Impacted products
14 products
| Vendor | Product | Version | |
|---|---|---|---|
| Huawei Technologies | BM2022 |
Affected:
2.10.14
|
|
| Huawei Technologies | HES-309M |
Affected:
unknown
|
|
| Huawei Technologies | HES-319M |
Affected:
unknown
|
|
| Huawei Technologies | HES-319M2W |
Affected:
unknown
|
|
| Huawei Technologies | HES-339M |
Affected:
unknown
|
|
| Green Packet | OX350 |
Affected:
unknown
|
|
| ZTE | OX-330P |
Affected:
unknown
|
|
| ZyXEL | MAX218M |
Affected:
2.00(UXG.0)D0
|
|
| ZyXEL | MAX218M1W |
Affected:
2.00(UXE.3)D0
|
|
| ZyXEL | MAX218MW |
Affected:
2.00(UXD.2)D0
|
|
| ZyXEL | MAX308M |
Affected:
2.00(UUA.3)D0
|
|
| ZyXEL | MAX318M |
Affected:
unknown
|
|
| ZyXEL | MAX338M |
Affected:
unknown
|
|
| MADA | Soho Wireless Router |
Affected:
2.10.13
|
Date Public
2017-06-07 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:16:28.271Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://blog.sec-consult.com/2017/06/ghosts-from-past-authentication-bypass.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20170607-0_Various_WiMAX_CPEs_Authentication_Bypass_v10.txt"
},
{
"name": "VU#350135",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/350135"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "BM2022",
"vendor": "Huawei Technologies",
"versions": [
{
"status": "affected",
"version": "2.10.14"
}
]
},
{
"product": "HES-309M",
"vendor": "Huawei Technologies",
"versions": [
{
"status": "affected",
"version": "unknown"
}
]
},
{
"product": "HES-319M",
"vendor": "Huawei Technologies",
"versions": [
{
"status": "affected",
"version": "unknown"
}
]
},
{
"product": "HES-319M2W",
"vendor": "Huawei Technologies",
"versions": [
{
"status": "affected",
"version": "unknown"
}
]
},
{
"product": "HES-339M",
"vendor": "Huawei Technologies",
"versions": [
{
"status": "affected",
"version": "unknown"
}
]
},
{
"product": "OX350",
"vendor": "Green Packet",
"versions": [
{
"status": "affected",
"version": "unknown"
}
]
},
{
"product": "OX-330P",
"vendor": "ZTE",
"versions": [
{
"status": "affected",
"version": "unknown"
}
]
},
{
"product": "MAX218M",
"vendor": "ZyXEL",
"versions": [
{
"status": "affected",
"version": "2.00(UXG.0)D0"
}
]
},
{
"product": "MAX218M1W",
"vendor": "ZyXEL",
"versions": [
{
"status": "affected",
"version": "2.00(UXE.3)D0"
}
]
},
{
"product": "MAX218MW",
"vendor": "ZyXEL",
"versions": [
{
"status": "affected",
"version": "2.00(UXD.2)D0"
}
]
},
{
"product": "MAX308M",
"vendor": "ZyXEL",
"versions": [
{
"status": "affected",
"version": "2.00(UUA.3)D0"
}
]
},
{
"product": "MAX318M",
"vendor": "ZyXEL",
"versions": [
{
"status": "affected",
"version": "unknown"
}
]
},
{
"product": "MAX338M",
"vendor": "ZyXEL",
"versions": [
{
"status": "affected",
"version": "unknown"
}
]
},
{
"product": "Soho Wireless Router",
"vendor": "MADA",
"versions": [
{
"status": "affected",
"version": "2.10.13"
}
]
}
],
"datePublic": "2017-06-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "WiMAX routers based on the MediaTek SDK (libmtk) that use a custom httpd plugin are vulnerable to an authentication bypass allowing a remote, unauthenticated attacker to gain administrator access to the device by performing an administrator password change on the device via a crafted POST request."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-19T23:57:01.000Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://blog.sec-consult.com/2017/06/ghosts-from-past-authentication-bypass.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20170607-0_Various_WiMAX_CPEs_Authentication_Bypass_v10.txt"
},
{
"name": "VU#350135",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/350135"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2017-3216",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BM2022",
"version": {
"version_data": [
{
"version_value": "2.10.14"
}
]
}
},
{
"product_name": "HES-309M",
"version": {
"version_data": [
{
"version_value": "unknown"
}
]
}
},
{
"product_name": "HES-319M",
"version": {
"version_data": [
{
"version_value": "unknown"
}
]
}
},
{
"product_name": "HES-319M2W",
"version": {
"version_data": [
{
"version_value": "unknown"
}
]
}
},
{
"product_name": "HES-339M",
"version": {
"version_data": [
{
"version_value": "unknown"
}
]
}
}
]
},
"vendor_name": "Huawei Technologies"
},
{
"product": {
"product_data": [
{
"product_name": "OX350",
"version": {
"version_data": [
{
"version_value": "unknown"
}
]
}
}
]
},
"vendor_name": "Green Packet"
},
{
"product": {
"product_data": [
{
"product_name": "OX-330P",
"version": {
"version_data": [
{
"version_value": "unknown"
}
]
}
}
]
},
"vendor_name": "ZTE"
},
{
"product": {
"product_data": [
{
"product_name": "MAX218M",
"version": {
"version_data": [
{
"version_value": "2.00(UXG.0)D0"
}
]
}
},
{
"product_name": "MAX218M1W",
"version": {
"version_data": [
{
"version_value": "2.00(UXE.3)D0"
}
]
}
},
{
"product_name": "MAX218MW",
"version": {
"version_data": [
{
"version_value": "2.00(UXD.2)D0"
}
]
}
},
{
"product_name": "MAX308M",
"version": {
"version_data": [
{
"version_value": "2.00(UUA.3)D0"
}
]
}
},
{
"product_name": "MAX318M",
"version": {
"version_data": [
{
"version_value": "unknown"
}
]
}
},
{
"product_name": "MAX338M",
"version": {
"version_data": [
{
"version_value": "unknown"
}
]
}
}
]
},
"vendor_name": "ZyXEL"
},
{
"product": {
"product_data": [
{
"product_name": "Soho Wireless Router",
"version": {
"version_data": [
{
"version_value": "2.10.13"
}
]
}
}
]
},
"vendor_name": "MADA"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WiMAX routers based on the MediaTek SDK (libmtk) that use a custom httpd plugin are vulnerable to an authentication bypass allowing a remote, unauthenticated attacker to gain administrator access to the device by performing an administrator password change on the device via a crafted POST request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-306"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://blog.sec-consult.com/2017/06/ghosts-from-past-authentication-bypass.html",
"refsource": "MISC",
"url": "http://blog.sec-consult.com/2017/06/ghosts-from-past-authentication-bypass.html"
},
{
"name": "https://sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20170607-0_Various_WiMAX_CPEs_Authentication_Bypass_v10.txt",
"refsource": "MISC",
"url": "https://sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20170607-0_Various_WiMAX_CPEs_Authentication_Bypass_v10.txt"
},
{
"name": "VU#350135",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/350135"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2017-3216",
"datePublished": "2017-06-20T00:00:00.000Z",
"dateReserved": "2016-12-05T00:00:00.000Z",
"dateUpdated": "2024-08-05T14:16:28.271Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}