All the vulnerabilites related to zte - ox-330p
var-201708-0143
Vulnerability from variot
ZTE OX-330P, ZXHN H108N, W300V1.0.0S_ZRD_TR1_D68, HG110, GAN9.8T101A-B, MF28G, ZXHN H108N use non-unique X.509 certificates and SSH host keys, which might allow remote attackers to obtain credentials or other sensitive information via a man-in-the-middle attack, passive decryption attack, or impersonating a legitimate device. The encryption key is hard-coded (CWE-321) SEC Consult of Stefan Viehböck According to the survey, many embedded devices are not unique X.509 Certificate and SSH It is said that it is accessible from the Internet using a host key. A hard-coded key in a firmware image or a repository stored by scanning the Internet scans.io ( In particular SSH And the result of SSL Certificate ) A device that uses a certificate whose fingerprint matches the data of can be determined to be vulnerable. Affected devices include household routers and IP From the camera VoIP Wide range of products. CWE-321: Use of Hard-coded Cryptographic Key http://cwe.mitre.org/data/definitions/321.html scans.io https://scans.io/ SSH Result of https://scans.io/series/ssh-rsa-full-ipv4 SSL Certificate https://scans.io/study/sonar.ssl In many vulnerable devices, certificate and key reuse is limited to a limited product line by a specific developer, but there are several examples where multiple developers use the same certificate or key. Or exist. These are common SDK Firmware developed using, or ISP Provided by OEM The root cause is the use of device firmware. Vulnerable equipment is impersonation and intermediary (man-in-the-middle) There is a possibility of being attacked or deciphering the communication contents. Perhaps the attacker can obtain authentication information and other sensitive information and use it for further attacks. Survey results and certificates SSH For more information on systems affected by host key issues, see SEC Consult See the blog post. As a result, confidential information may be leaked. ZTEOX-330P and others are wireless router products of China ZTE Corporation (ZTE). An information disclosure vulnerability exists in several ZTE products. The following products are affected: ZTE OX-330P; ZXHN H108N; W300V1.0.0S_ZRD_TR1_D68; HG110; GAN9.8T101A-B; MF28G;
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201708-0143",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ox-330p",
"scope": "eq",
"trust": 1.6,
"vendor": "zte",
"version": null
},
{
"model": "zxhn h108n",
"scope": "eq",
"trust": 1.6,
"vendor": "zte",
"version": null
},
{
"model": "hg110",
"scope": "eq",
"trust": 1.6,
"vendor": "zte",
"version": null
},
{
"model": "gan9.8t101a-b",
"scope": "eq",
"trust": 1.6,
"vendor": "zte",
"version": null
},
{
"model": "mf28g",
"scope": "eq",
"trust": 1.6,
"vendor": "zte",
"version": null
},
{
"model": "w300v1.0.0s zrd tr1 d68",
"scope": "eq",
"trust": 1.6,
"vendor": "zte",
"version": null
},
{
"model": "zxhn h108n",
"scope": null,
"trust": 1.2,
"vendor": "zte",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "actiontec",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "general electric",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "huawei",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "netcomm",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "sierra",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "technicolor",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "ubiquiti",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "unify",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "zte",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "c1000z",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "fr1000z",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "gs1900-24",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "gs1900-8",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "nwa1100-n",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "nwa1100-nh",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "nwa1121-ni",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "nwa1123-ac",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "nwa1123-ni",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "p-660hn-51",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "p-663hn-51",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "p8702n",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "pmg5318-b20a",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "q1000",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "sbg3300-n000",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "sbg3300-nb00",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "sbg3500-n000",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "vmg1312-b10a",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "vmg1312-b30a",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "vmg1312-b30b",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "vmg4380-b10a",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "vmg8324-b10a",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "vmg8924-b10a",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "vmg8924-b30a",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "vsg1435-b101",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "",
"scope": null,
"trust": 0.8,
"vendor": "multiple vendors",
"version": null
},
{
"model": "ox-330p",
"scope": null,
"trust": 0.6,
"vendor": "zte",
"version": null
},
{
"model": "w300v1.0.0s zrd tr1 d68",
"scope": null,
"trust": 0.6,
"vendor": "zte",
"version": null
},
{
"model": "hg110",
"scope": null,
"trust": 0.6,
"vendor": "zte",
"version": null
},
{
"model": "gan9.8t101a-b",
"scope": null,
"trust": 0.6,
"vendor": "zte",
"version": null
},
{
"model": "mf28g",
"scope": null,
"trust": 0.6,
"vendor": "zte",
"version": null
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#566724"
},
{
"db": "CNVD",
"id": "CNVD-2017-33516"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006907"
},
{
"db": "NVD",
"id": "CVE-2015-7255"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1334"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:zte:ox-330p_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:zte:ox-330p:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:zte:zxhn_h108n_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:zte:zxhn_h108n:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:zte:w300v1.0.0s_zrd_tr1_d68_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:zte:w300v1.0.0s_zrd_tr1_d68:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:zte:hg110_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:zte:hg110:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:zte:gan9.8t101a-b_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:zte:gan9.8t101a-b:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:zte:mf28g_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:zte:mf28g:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:zte:zxhn_h108n_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:zte:zxhn_h108n:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2015-7255"
}
]
},
"cve": "CVE-2015-7255",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2015-7255",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-33516",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-85216",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2015-7255",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2015-7255",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2017-33516",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201708-1334",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-85216",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-33516"
},
{
"db": "VULHUB",
"id": "VHN-85216"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006907"
},
{
"db": "NVD",
"id": "CVE-2015-7255"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1334"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ZTE OX-330P, ZXHN H108N, W300V1.0.0S_ZRD_TR1_D68, HG110, GAN9.8T101A-B, MF28G, ZXHN H108N use non-unique X.509 certificates and SSH host keys, which might allow remote attackers to obtain credentials or other sensitive information via a man-in-the-middle attack, passive decryption attack, or impersonating a legitimate device. The encryption key is hard-coded (CWE-321) SEC Consult of Stefan Viehb\u0026#246;ck According to the survey, many embedded devices are not unique X.509 Certificate and SSH It is said that it is accessible from the Internet using a host key. A hard-coded key in a firmware image or a repository stored by scanning the Internet scans.io ( In particular SSH And the result of SSL Certificate ) A device that uses a certificate whose fingerprint matches the data of can be determined to be vulnerable. Affected devices include household routers and IP From the camera VoIP Wide range of products. CWE-321: Use of Hard-coded Cryptographic Key http://cwe.mitre.org/data/definitions/321.html scans.io https://scans.io/ SSH Result of https://scans.io/series/ssh-rsa-full-ipv4 SSL Certificate https://scans.io/study/sonar.ssl In many vulnerable devices, certificate and key reuse is limited to a limited product line by a specific developer, but there are several examples where multiple developers use the same certificate or key. Or exist. These are common SDK Firmware developed using, or ISP Provided by OEM The root cause is the use of device firmware. Vulnerable equipment is impersonation and intermediary (man-in-the-middle) There is a possibility of being attacked or deciphering the communication contents. Perhaps the attacker can obtain authentication information and other sensitive information and use it for further attacks. Survey results and certificates SSH For more information on systems affected by host key issues, see SEC Consult See the blog post. As a result, confidential information may be leaked. ZTEOX-330P and others are wireless router products of China ZTE Corporation (ZTE). An information disclosure vulnerability exists in several ZTE products. The following products are affected: ZTE OX-330P; ZXHN H108N; W300V1.0.0S_ZRD_TR1_D68; HG110; GAN9.8T101A-B; MF28G;",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-7255"
},
{
"db": "CERT/CC",
"id": "VU#566724"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006907"
},
{
"db": "CNVD",
"id": "CNVD-2017-33516"
},
{
"db": "VULHUB",
"id": "VHN-85216"
}
],
"trust": 2.97
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#566724",
"trust": 3.9
},
{
"db": "NVD",
"id": "CVE-2015-7255",
"trust": 3.1
},
{
"db": "JVN",
"id": "JVNVU96100360",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006907",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1334",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2017-33516",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-85216",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#566724"
},
{
"db": "CNVD",
"id": "CNVD-2017-33516"
},
{
"db": "VULHUB",
"id": "VHN-85216"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006907"
},
{
"db": "NVD",
"id": "CVE-2015-7255"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1334"
}
]
},
"id": "VAR-201708-0143",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-33516"
},
{
"db": "VULHUB",
"id": "VHN-85216"
}
],
"trust": 1.2870330757142856
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-33516"
}
]
},
"last_update_date": "2023-12-18T12:57:18.133000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Zyxel to Fix SSH Private Key and Certificate Vulnerability (CVE-2015-7256)",
"trust": 0.8,
"url": "http://www.zyxel.com/support/announcement_ssh_private_key_and_certificate_vulnerability.shtml"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-006907"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-85216"
},
{
"db": "NVD",
"id": "CVE-2015-7255"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "http://www.kb.cert.org/vuls/id/566724"
},
{
"trust": 1.7,
"url": "https://www.kb.cert.org/vuls/id/bluu-a2nqyr"
},
{
"trust": 1.6,
"url": "http://blog.sec-consult.com/2015/11/house-of-keys-industry-wide-https.html"
},
{
"trust": 1.6,
"url": "https://github.com/sec-consult/houseofkeys/search?p=3\u0026q=zte\u0026type=\u0026utf8=%e2%9c%93"
},
{
"trust": 0.8,
"url": "http://blog.sec-consult.com/2016/09/house-of-keys-9-months-later-40-worse.html"
},
{
"trust": 0.8,
"url": "https://www.sec-consult.com/download/certificates.html"
},
{
"trust": 0.8,
"url": "https://www.sec-consult.com/download/ssh_host_keys.html"
},
{
"trust": 0.8,
"url": "https://scans.io/"
},
{
"trust": 0.8,
"url": "https://scans.io/series/ssh-rsa-full-ipv4"
},
{
"trust": 0.8,
"url": "https://scans.io/study/sonar.ssl"
},
{
"trust": 0.8,
"url": "https://censys.io"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6358"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7255"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7256"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7276"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-8251"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu96100360/index.html"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-7256"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-6358"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-7255"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-7276"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-8251"
},
{
"trust": 0.1,
"url": "https://github.com/sec-consult/houseofkeys/search?p=3\u0026amp;q=zte\u0026amp;type=\u0026amp;utf8=%e2%9c%93"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#566724"
},
{
"db": "CNVD",
"id": "CNVD-2017-33516"
},
{
"db": "VULHUB",
"id": "VHN-85216"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006907"
},
{
"db": "NVD",
"id": "CVE-2015-7255"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1334"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#566724"
},
{
"db": "CNVD",
"id": "CNVD-2017-33516"
},
{
"db": "VULHUB",
"id": "VHN-85216"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006907"
},
{
"db": "NVD",
"id": "CVE-2015-7255"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1334"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-11-25T00:00:00",
"db": "CERT/CC",
"id": "VU#566724"
},
{
"date": "2017-11-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-33516"
},
{
"date": "2017-08-29T00:00:00",
"db": "VULHUB",
"id": "VHN-85216"
},
{
"date": "2016-02-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-006907"
},
{
"date": "2017-08-29T15:29:00.517000",
"db": "NVD",
"id": "CVE-2015-7255"
},
{
"date": "2017-08-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201708-1334"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-09-06T00:00:00",
"db": "CERT/CC",
"id": "VU#566724"
},
{
"date": "2017-11-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-33516"
},
{
"date": "2017-09-12T00:00:00",
"db": "VULHUB",
"id": "VHN-85216"
},
{
"date": "2018-02-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-006907"
},
{
"date": "2017-09-12T15:56:48.910000",
"db": "NVD",
"id": "CVE-2015-7255"
},
{
"date": "2017-10-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201708-1334"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201708-1334"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Embedded devices use non-unique X.509 certificates and SSH host keys",
"sources": [
{
"db": "CERT/CC",
"id": "VU#566724"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201708-1334"
}
],
"trust": 0.6
}
}
var-201706-0448
Vulnerability from variot
WiMAX routers based on the MediaTek SDK (libmtk) that use a custom httpd plugin are vulnerable to an authentication bypass allowing a remote, unauthenticated attacker to gain administrator access to the device by performing an administrator password change on the device via a crafted POST request. libmtk For httpd Multiple using plug-ins WiMAX The router contains an authentication bypass vulnerability. In particular commit2.cgi Against ADMIN_PASSWD A parameter was set POST You can change the administrator password by sending a request. According to the reporter, some of the surveyed products are initially enabled for remote management. In this case, there is a possibility of being attacked from the Internet side. MediaTek According to the company, the vulnerable file MediaTek SDK It is not included in itself, SDK It is speculated that it was provided by the developer who developed the firmware using. Details of the reporter blog See article. As a result, you may gain administrative privileges on the device. WiMAX (Worldwide Interoperability for Microwave Access) is a communication technology based on the IEEE-802.16 standard and can be used as an alternative to wired broadband services. The following products and versions are affected: ZyXEL MAX338M; ZyXEL MAX318M; ZyXEL MAX308M Version 2.00(UUA.3)D0; ZyXEL MAX218MW Version 2.00(UXD.2)D0; ZyXEL MAX218M1W Version 2.00(UXE.3)D0; ZyXEL MAX218M Version 2.00( UXG.0)D0 version; ZTE OX-330P; Mada Soho Wireless Router 2.10.13; Huawei HES-339M; Huawei HES-319M2W; Huawei HES-319M; Huawei HES-309M; Huawei BM2022 version 2.10.14; Green Packet OX-350
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201706-0448",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "max218m1w",
"scope": "eq",
"trust": 1.6,
"vendor": "zyxel",
"version": null
},
{
"model": "max218mw",
"scope": "eq",
"trust": 1.6,
"vendor": "zyxel",
"version": null
},
{
"model": "max338m",
"scope": "eq",
"trust": 1.6,
"vendor": "zyxel",
"version": null
},
{
"model": "max218m",
"scope": "eq",
"trust": 1.6,
"vendor": "zyxel",
"version": null
},
{
"model": "max308m fimware",
"scope": "eq",
"trust": 1.6,
"vendor": "zyxel",
"version": null
},
{
"model": "max318m",
"scope": "eq",
"trust": 1.6,
"vendor": "zyxel",
"version": null
},
{
"model": "ox350",
"scope": "eq",
"trust": 1.0,
"vendor": "greenpacket",
"version": null
},
{
"model": "ox-330p",
"scope": "eq",
"trust": 1.0,
"vendor": "zte",
"version": null
},
{
"model": "hes-319m",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": null
},
{
"model": "hes-339m",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": null
},
{
"model": "bm2022",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": null
},
{
"model": "hes-309m",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": null
},
{
"model": "hes-319m2w",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": null
},
{
"model": "soho wireless router",
"scope": "eq",
"trust": 1.0,
"vendor": "mada",
"version": null
},
{
"model": "soho wireless router",
"scope": "eq",
"trust": 0.9,
"vendor": "mada",
"version": "2.10.13"
},
{
"model": "ox-350",
"scope": "eq",
"trust": 0.9,
"vendor": "greenpacket",
"version": "0"
},
{
"model": "ox350",
"scope": "eq",
"trust": 0.9,
"vendor": "greenpacket",
"version": "0"
},
{
"model": "bm2022",
"scope": "eq",
"trust": 0.9,
"vendor": "huawei",
"version": "2.10.14"
},
{
"model": "hes-309m",
"scope": "eq",
"trust": 0.9,
"vendor": "huawei",
"version": "0"
},
{
"model": "hes-319m",
"scope": "eq",
"trust": 0.9,
"vendor": "huawei",
"version": "0"
},
{
"model": "hes-319m2w",
"scope": "eq",
"trust": 0.9,
"vendor": "huawei",
"version": "0"
},
{
"model": "hes-339m",
"scope": "eq",
"trust": 0.9,
"vendor": "huawei",
"version": "0"
},
{
"model": "ox-330p",
"scope": "eq",
"trust": 0.9,
"vendor": "zte",
"version": "0"
},
{
"model": "max218m 2.00 d0",
"scope": null,
"trust": 0.9,
"vendor": "zyxel",
"version": null
},
{
"model": "max218m1w 2.00 d0",
"scope": null,
"trust": 0.9,
"vendor": "zyxel",
"version": null
},
{
"model": "max218mw 2.00 d0",
"scope": null,
"trust": 0.9,
"vendor": "zyxel",
"version": null
},
{
"model": "max308m 2.00 d0",
"scope": null,
"trust": 0.9,
"vendor": "zyxel",
"version": null
},
{
"model": "max318m",
"scope": "eq",
"trust": 0.9,
"vendor": "zyxel",
"version": "0"
},
{
"model": "max338m",
"scope": "eq",
"trust": 0.9,
"vendor": "zyxel",
"version": "0"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "huawei",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "zte",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "ox-350",
"scope": null,
"trust": 0.8,
"vendor": "green packet",
"version": null
},
{
"model": "ox350",
"scope": null,
"trust": 0.8,
"vendor": "green packet",
"version": null
},
{
"model": "bm2022",
"scope": "eq",
"trust": 0.8,
"vendor": "huawei",
"version": "(version: v2.10.14)"
},
{
"model": "hes-309m",
"scope": null,
"trust": 0.8,
"vendor": "huawei",
"version": null
},
{
"model": "hes-319m",
"scope": null,
"trust": 0.8,
"vendor": "huawei",
"version": null
},
{
"model": "hes-319m2w",
"scope": null,
"trust": 0.8,
"vendor": "huawei",
"version": null
},
{
"model": "hes-339m",
"scope": null,
"trust": 0.8,
"vendor": "huawei",
"version": null
},
{
"model": "soho wireless router",
"scope": "eq",
"trust": 0.8,
"vendor": "mada",
"version": "(version: v2.10.13)"
},
{
"model": "ox-330p",
"scope": null,
"trust": 0.8,
"vendor": "zte",
"version": null
},
{
"model": "max218m",
"scope": "eq",
"trust": 0.8,
"vendor": "zyxel",
"version": "(version: 2.00(uxg.0)d0)"
},
{
"model": "max218m1w",
"scope": "eq",
"trust": 0.8,
"vendor": "zyxel",
"version": "(version: 2.00(uxe.3)d0)"
},
{
"model": "max218mw",
"scope": "eq",
"trust": 0.8,
"vendor": "zyxel",
"version": "(version: 2.00(uxd.2)d0)"
},
{
"model": "max308m",
"scope": "eq",
"trust": 0.8,
"vendor": "zyxel",
"version": "(version: 2.00(uua.3)d0)"
},
{
"model": "max318m",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "max338m",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#350135"
},
{
"db": "CNVD",
"id": "CNVD-2017-14427"
},
{
"db": "BID",
"id": "99078"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003883"
},
{
"db": "NVD",
"id": "CVE-2017-3216"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-793"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:greenpacket:ox350_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:greenpacket:ox350:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:huawei:bm2022_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:huawei:bm2022:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:huawei:hes-309m_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:huawei:hes-309m:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:huawei:hes-319m_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:huawei:hes-319m:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:huawei:hes-319m2w_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:huawei:hes-319m2w:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:huawei:hes-339m_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:huawei:hes-339m:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:mada:soho_wireless_router_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:mada:soho_wireless_router:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:zte:ox-330p_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:zte:ox-330p:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:zyxel:max218m_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:zyxel:max218m:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:zyxel:max218m1w_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:zyxel:max218m1w:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:zyxel:max218mw_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:zyxel:max218mw:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:zyxel:max308m_fimware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:zyxel:max308m:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:zyxel:max318m_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:zyxel:max318m:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:zyxel:max338m_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:zyxel:max338m:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-3216"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Stefan Viehb\u00f6ck, SEC Consult Vulnerability Lab",
"sources": [
{
"db": "BID",
"id": "99078"
}
],
"trust": 0.3
},
"cve": "CVE-2017-3216",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"availabilityRequirement": "NOT DEFINED",
"baseScore": 10.0,
"collateralDamagePotential": "NOT DEFINED",
"confidentialityImpact": "COMPLETE",
"confidentialityRequirement": "NOT DEFINED",
"enviromentalScore": 6.7,
"exploitability": "PROOF-OF-CONCEPT",
"exploitabilityScore": 10.0,
"id": "CVE-2017-3216",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"integrityRequirement": "NOT DEFINED",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"remediationLevel": "UNAVAILABLE",
"reportConfidence": "CONFIRMED",
"severity": "HIGH",
"targetDistribution": "MEDIUM",
"trust": 0.8,
"userInterationRequired": null,
"vector_string": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "JVNDB-2017-003883",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-14427",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-111419",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULMON",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2017-3216",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "HIGH",
"trust": 0.1,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2017-003883",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-3216",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2017-3216",
"trust": 0.8,
"value": "HIGH"
},
{
"author": "IPA",
"id": "JVNDB-2017-003883",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2017-14427",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201706-793",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-111419",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2017-3216",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#350135"
},
{
"db": "CNVD",
"id": "CNVD-2017-14427"
},
{
"db": "VULHUB",
"id": "VHN-111419"
},
{
"db": "VULMON",
"id": "CVE-2017-3216"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003883"
},
{
"db": "NVD",
"id": "CVE-2017-3216"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-793"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "WiMAX routers based on the MediaTek SDK (libmtk) that use a custom httpd plugin are vulnerable to an authentication bypass allowing a remote, unauthenticated attacker to gain administrator access to the device by performing an administrator password change on the device via a crafted POST request. libmtk For httpd Multiple using plug-ins WiMAX The router contains an authentication bypass vulnerability. In particular commit2.cgi Against ADMIN_PASSWD A parameter was set POST You can change the administrator password by sending a request. According to the reporter, some of the surveyed products are initially enabled for remote management. In this case, there is a possibility of being attacked from the Internet side. MediaTek According to the company, the vulnerable file MediaTek SDK It is not included in itself, SDK It is speculated that it was provided by the developer who developed the firmware using. Details of the reporter blog See article. As a result, you may gain administrative privileges on the device. WiMAX (Worldwide Interoperability for Microwave Access) is a communication technology based on the IEEE-802.16 standard and can be used as an alternative to wired broadband services. The following products and versions are affected: ZyXEL MAX338M; ZyXEL MAX318M; ZyXEL MAX308M Version 2.00(UUA.3)D0; ZyXEL MAX218MW Version 2.00(UXD.2)D0; ZyXEL MAX218M1W Version 2.00(UXE.3)D0; ZyXEL MAX218M Version 2.00( UXG.0)D0 version; ZTE OX-330P; Mada Soho Wireless Router 2.10.13; Huawei HES-339M; Huawei HES-319M2W; Huawei HES-319M; Huawei HES-309M; Huawei BM2022 version 2.10.14; Green Packet OX-350",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-3216"
},
{
"db": "CERT/CC",
"id": "VU#350135"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003883"
},
{
"db": "CNVD",
"id": "CNVD-2017-14427"
},
{
"db": "BID",
"id": "99078"
},
{
"db": "VULHUB",
"id": "VHN-111419"
},
{
"db": "VULMON",
"id": "CVE-2017-3216"
}
],
"trust": 3.33
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-3216",
"trust": 4.3
},
{
"db": "CERT/CC",
"id": "VU#350135",
"trust": 3.7
},
{
"db": "BID",
"id": "99078",
"trust": 1.1
},
{
"db": "JVN",
"id": "JVNVU92606107",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003883",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201706-793",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2017-14427",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-111419",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2017-3216",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#350135"
},
{
"db": "CNVD",
"id": "CNVD-2017-14427"
},
{
"db": "VULHUB",
"id": "VHN-111419"
},
{
"db": "VULMON",
"id": "CVE-2017-3216"
},
{
"db": "BID",
"id": "99078"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003883"
},
{
"db": "NVD",
"id": "CVE-2017-3216"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-793"
}
]
},
"id": "VAR-201706-0448",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-14427"
},
{
"db": "VULHUB",
"id": "VHN-111419"
}
],
"trust": 1.358968255333333
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-14427"
}
]
},
"last_update_date": "2023-12-18T13:14:15.752000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Threatpost",
"trust": 0.1,
"url": "https://threatpost.com/authentication-bypass-potential-backdoors-plague-old-wimax-routers/126135/"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2017-3216"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-306",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-111419"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003883"
},
{
"db": "NVD",
"id": "CVE-2017-3216"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.4,
"url": "https://sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20170607-0_various_wimax_cpes_authentication_bypass_v10.txt"
},
{
"trust": 3.4,
"url": "http://blog.sec-consult.com/2017/06/ghosts-from-past-authentication-bypass.html"
},
{
"trust": 3.0,
"url": "http://www.kb.cert.org/vuls/id/350135"
},
{
"trust": 0.9,
"url": "http://cwe.mitre.org/data/definitions/306.html"
},
{
"trust": 0.8,
"url": "http://www.huawei.com/en/psirt/security-notices/huawei-sn-20170608-01-wimax-en"
},
{
"trust": 0.8,
"url": "http://www.zyxel.com/support/announcement_vulnerability_cve_2017_3216.shtml"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-3216"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu92606107/index.html"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-3216"
},
{
"trust": 0.7,
"url": "http://www.securityfocus.com/bid/99078"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#350135"
},
{
"db": "CNVD",
"id": "CNVD-2017-14427"
},
{
"db": "VULHUB",
"id": "VHN-111419"
},
{
"db": "VULMON",
"id": "CVE-2017-3216"
},
{
"db": "BID",
"id": "99078"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003883"
},
{
"db": "NVD",
"id": "CVE-2017-3216"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-793"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#350135"
},
{
"db": "CNVD",
"id": "CNVD-2017-14427"
},
{
"db": "VULHUB",
"id": "VHN-111419"
},
{
"db": "VULMON",
"id": "CVE-2017-3216"
},
{
"db": "BID",
"id": "99078"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003883"
},
{
"db": "NVD",
"id": "CVE-2017-3216"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-793"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-06-07T00:00:00",
"db": "CERT/CC",
"id": "VU#350135"
},
{
"date": "2017-07-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-14427"
},
{
"date": "2017-06-20T00:00:00",
"db": "VULHUB",
"id": "VHN-111419"
},
{
"date": "2017-06-20T00:00:00",
"db": "VULMON",
"id": "CVE-2017-3216"
},
{
"date": "2017-06-07T00:00:00",
"db": "BID",
"id": "99078"
},
{
"date": "2017-06-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-003883"
},
{
"date": "2017-06-20T00:29:00.267000",
"db": "NVD",
"id": "CVE-2017-3216"
},
{
"date": "2017-06-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201706-793"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-07-24T00:00:00",
"db": "CERT/CC",
"id": "VU#350135"
},
{
"date": "2017-07-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-14427"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-111419"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULMON",
"id": "CVE-2017-3216"
},
{
"date": "2017-06-07T00:00:00",
"db": "BID",
"id": "99078"
},
{
"date": "2018-02-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-003883"
},
{
"date": "2019-10-09T23:27:24.010000",
"db": "NVD",
"id": "CVE-2017-3216"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201706-793"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201706-793"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Various WiMAX routers contain a authentication bypass vulnerability in custom libmtk httpd plugin",
"sources": [
{
"db": "CERT/CC",
"id": "VU#350135"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "access control error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201706-793"
}
],
"trust": 0.6
}
}
cve-2015-7255
Vulnerability from cvelistv5
Published
2017-08-29 15:00
Modified
2024-08-06 07:43
Severity ?
EPSS score ?
Summary
ZTE OX-330P, ZXHN H108N, W300V1.0.0S_ZRD_TR1_D68, HG110, GAN9.8T101A-B, MF28G, ZXHN H108N use non-unique X.509 certificates and SSH host keys, which might allow remote attackers to obtain credentials or other sensitive information via a man-in-the-middle attack, passive decryption attack, or impersonating a legitimate device.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.kb.cert.org/vuls/id/566724 | third-party-advisory, x_refsource_CERT-VN | |
| https://github.com/sec-consult/houseofkeys/search?p=3&q=zte&type=&utf8=%E2%9C%93 | x_refsource_MISC | |
| https://www.kb.cert.org/vuls/id/BLUU-A2NQYR | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:43:46.050Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#566724",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/566724"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/sec-consult/houseofkeys/search?p=3\u0026q=zte\u0026type=\u0026utf8=%E2%9C%93"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/BLUU-A2NQYR"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-11-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "ZTE OX-330P, ZXHN H108N, W300V1.0.0S_ZRD_TR1_D68, HG110, GAN9.8T101A-B, MF28G, ZXHN H108N use non-unique X.509 certificates and SSH host keys, which might allow remote attackers to obtain credentials or other sensitive information via a man-in-the-middle attack, passive decryption attack, or impersonating a legitimate device."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-29T14:57:02",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "VU#566724",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/566724"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/sec-consult/houseofkeys/search?p=3\u0026q=zte\u0026type=\u0026utf8=%E2%9C%93"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.kb.cert.org/vuls/id/BLUU-A2NQYR"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2015-7255",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ZTE OX-330P, ZXHN H108N, W300V1.0.0S_ZRD_TR1_D68, HG110, GAN9.8T101A-B, MF28G, ZXHN H108N use non-unique X.509 certificates and SSH host keys, which might allow remote attackers to obtain credentials or other sensitive information via a man-in-the-middle attack, passive decryption attack, or impersonating a legitimate device."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#566724",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/566724"
},
{
"name": "https://github.com/sec-consult/houseofkeys/search?p=3\u0026q=zte\u0026type=\u0026utf8=%E2%9C%93",
"refsource": "MISC",
"url": "https://github.com/sec-consult/houseofkeys/search?p=3\u0026q=zte\u0026type=\u0026utf8=%E2%9C%93"
},
{
"name": "https://www.kb.cert.org/vuls/id/BLUU-A2NQYR",
"refsource": "MISC",
"url": "https://www.kb.cert.org/vuls/id/BLUU-A2NQYR"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2015-7255",
"datePublished": "2017-08-29T15:00:00",
"dateReserved": "2015-09-18T00:00:00",
"dateUpdated": "2024-08-06T07:43:46.050Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-3216
Vulnerability from cvelistv5
Published
2017-06-20 00:00
Modified
2024-08-05 14:16
Severity ?
EPSS score ?
Summary
WiMAX routers based on the MediaTek SDK (libmtk) that use a custom httpd plugin are vulnerable to an authentication bypass allowing a remote, unauthenticated attacker to gain administrator access to the device by performing an administrator password change on the device via a crafted POST request.
References
| ▼ | URL | Tags |
|---|---|---|
| http://blog.sec-consult.com/2017/06/ghosts-from-past-authentication-bypass.html | x_refsource_MISC | |
| https://sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20170607-0_Various_WiMAX_CPEs_Authentication_Bypass_v10.txt | x_refsource_MISC | |
| http://www.kb.cert.org/vuls/id/350135 | third-party-advisory, x_refsource_CERT-VN |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Huawei Technologies | BM2022 |
Version: 2.10.14 |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:16:28.271Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://blog.sec-consult.com/2017/06/ghosts-from-past-authentication-bypass.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20170607-0_Various_WiMAX_CPEs_Authentication_Bypass_v10.txt"
},
{
"name": "VU#350135",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/350135"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "BM2022",
"vendor": "Huawei Technologies",
"versions": [
{
"status": "affected",
"version": "2.10.14"
}
]
},
{
"product": "HES-309M",
"vendor": "Huawei Technologies",
"versions": [
{
"status": "affected",
"version": "unknown"
}
]
},
{
"product": "HES-319M",
"vendor": "Huawei Technologies",
"versions": [
{
"status": "affected",
"version": "unknown"
}
]
},
{
"product": "HES-319M2W",
"vendor": "Huawei Technologies",
"versions": [
{
"status": "affected",
"version": "unknown"
}
]
},
{
"product": "HES-339M",
"vendor": "Huawei Technologies",
"versions": [
{
"status": "affected",
"version": "unknown"
}
]
},
{
"product": "OX350",
"vendor": "Green Packet",
"versions": [
{
"status": "affected",
"version": "unknown"
}
]
},
{
"product": "OX-330P",
"vendor": "ZTE",
"versions": [
{
"status": "affected",
"version": "unknown"
}
]
},
{
"product": "MAX218M",
"vendor": "ZyXEL",
"versions": [
{
"status": "affected",
"version": "2.00(UXG.0)D0"
}
]
},
{
"product": "MAX218M1W",
"vendor": "ZyXEL",
"versions": [
{
"status": "affected",
"version": "2.00(UXE.3)D0"
}
]
},
{
"product": "MAX218MW",
"vendor": "ZyXEL",
"versions": [
{
"status": "affected",
"version": "2.00(UXD.2)D0"
}
]
},
{
"product": "MAX308M",
"vendor": "ZyXEL",
"versions": [
{
"status": "affected",
"version": "2.00(UUA.3)D0"
}
]
},
{
"product": "MAX318M",
"vendor": "ZyXEL",
"versions": [
{
"status": "affected",
"version": "unknown"
}
]
},
{
"product": "MAX338M",
"vendor": "ZyXEL",
"versions": [
{
"status": "affected",
"version": "unknown"
}
]
},
{
"product": "Soho Wireless Router",
"vendor": "MADA",
"versions": [
{
"status": "affected",
"version": "2.10.13"
}
]
}
],
"datePublic": "2017-06-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "WiMAX routers based on the MediaTek SDK (libmtk) that use a custom httpd plugin are vulnerable to an authentication bypass allowing a remote, unauthenticated attacker to gain administrator access to the device by performing an administrator password change on the device via a crafted POST request."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-19T23:57:01",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://blog.sec-consult.com/2017/06/ghosts-from-past-authentication-bypass.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20170607-0_Various_WiMAX_CPEs_Authentication_Bypass_v10.txt"
},
{
"name": "VU#350135",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/350135"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2017-3216",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BM2022",
"version": {
"version_data": [
{
"version_value": "2.10.14"
}
]
}
},
{
"product_name": "HES-309M",
"version": {
"version_data": [
{
"version_value": "unknown"
}
]
}
},
{
"product_name": "HES-319M",
"version": {
"version_data": [
{
"version_value": "unknown"
}
]
}
},
{
"product_name": "HES-319M2W",
"version": {
"version_data": [
{
"version_value": "unknown"
}
]
}
},
{
"product_name": "HES-339M",
"version": {
"version_data": [
{
"version_value": "unknown"
}
]
}
}
]
},
"vendor_name": "Huawei Technologies"
},
{
"product": {
"product_data": [
{
"product_name": "OX350",
"version": {
"version_data": [
{
"version_value": "unknown"
}
]
}
}
]
},
"vendor_name": "Green Packet"
},
{
"product": {
"product_data": [
{
"product_name": "OX-330P",
"version": {
"version_data": [
{
"version_value": "unknown"
}
]
}
}
]
},
"vendor_name": "ZTE"
},
{
"product": {
"product_data": [
{
"product_name": "MAX218M",
"version": {
"version_data": [
{
"version_value": "2.00(UXG.0)D0"
}
]
}
},
{
"product_name": "MAX218M1W",
"version": {
"version_data": [
{
"version_value": "2.00(UXE.3)D0"
}
]
}
},
{
"product_name": "MAX218MW",
"version": {
"version_data": [
{
"version_value": "2.00(UXD.2)D0"
}
]
}
},
{
"product_name": "MAX308M",
"version": {
"version_data": [
{
"version_value": "2.00(UUA.3)D0"
}
]
}
},
{
"product_name": "MAX318M",
"version": {
"version_data": [
{
"version_value": "unknown"
}
]
}
},
{
"product_name": "MAX338M",
"version": {
"version_data": [
{
"version_value": "unknown"
}
]
}
}
]
},
"vendor_name": "ZyXEL"
},
{
"product": {
"product_data": [
{
"product_name": "Soho Wireless Router",
"version": {
"version_data": [
{
"version_value": "2.10.13"
}
]
}
}
]
},
"vendor_name": "MADA"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WiMAX routers based on the MediaTek SDK (libmtk) that use a custom httpd plugin are vulnerable to an authentication bypass allowing a remote, unauthenticated attacker to gain administrator access to the device by performing an administrator password change on the device via a crafted POST request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-306"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://blog.sec-consult.com/2017/06/ghosts-from-past-authentication-bypass.html",
"refsource": "MISC",
"url": "http://blog.sec-consult.com/2017/06/ghosts-from-past-authentication-bypass.html"
},
{
"name": "https://sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20170607-0_Various_WiMAX_CPEs_Authentication_Bypass_v10.txt",
"refsource": "MISC",
"url": "https://sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20170607-0_Various_WiMAX_CPEs_Authentication_Bypass_v10.txt"
},
{
"name": "VU#350135",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/350135"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2017-3216",
"datePublished": "2017-06-20T00:00:00",
"dateReserved": "2016-12-05T00:00:00",
"dateUpdated": "2024-08-05T14:16:28.271Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2017-08-29 15:29
Modified
2024-11-21 02:36
Severity ?
Summary
ZTE OX-330P, ZXHN H108N, W300V1.0.0S_ZRD_TR1_D68, HG110, GAN9.8T101A-B, MF28G, ZXHN H108N use non-unique X.509 certificates and SSH host keys, which might allow remote attackers to obtain credentials or other sensitive information via a man-in-the-middle attack, passive decryption attack, or impersonating a legitimate device.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cret@cert.org | http://www.kb.cert.org/vuls/id/566724 | Mitigation, Third Party Advisory, US Government Resource | |
| cret@cert.org | https://github.com/sec-consult/houseofkeys/search?p=3&q=zte&type=&utf8=%E2%9C%93 | Third Party Advisory | |
| cret@cert.org | https://www.kb.cert.org/vuls/id/BLUU-A2NQYR | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.kb.cert.org/vuls/id/566724 | Mitigation, Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/sec-consult/houseofkeys/search?p=3&q=zte&type=&utf8=%E2%9C%93 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.kb.cert.org/vuls/id/BLUU-A2NQYR | Third Party Advisory, US Government Resource |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zte | ox-330p_firmware | - | |
| zte | ox-330p | - | |
| zte | zxhn_h108n_firmware | - | |
| zte | zxhn_h108n | - | |
| zte | w300v1.0.0s_zrd_tr1_d68_firmware | - | |
| zte | w300v1.0.0s_zrd_tr1_d68 | - | |
| zte | hg110_firmware | - | |
| zte | hg110 | - | |
| zte | gan9.8t101a-b_firmware | - | |
| zte | gan9.8t101a-b | - | |
| zte | mf28g_firmware | - | |
| zte | mf28g | - | |
| zte | zxhn_h108n_firmware | - | |
| zte | zxhn_h108n | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zte:ox-330p_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EB20B496-6386-49B4-9103-45729D61F435",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zte:ox-330p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "952793D7-1F57-42F3-9379-F9A31289E4AE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zte:zxhn_h108n_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A4D2542D-8293-415B-903E-2F21F0D76B1D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zte:zxhn_h108n:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6094FC9D-0E19-499B-8D3E-7C1BF5D7FEBD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zte:w300v1.0.0s_zrd_tr1_d68_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "499B358C-5391-4BD4-AE41-CF5FBE7275D7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zte:w300v1.0.0s_zrd_tr1_d68:-:*:*:*:*:*:*:*",
"matchCriteriaId": "913EF52F-FF31-4CC7-B875-4998D00C4DE2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zte:hg110_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "807D447D-DEC7-4C57-8DC2-6331CDF0E5D2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zte:hg110:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D5230DF2-DBBB-4056-B4BD-582AD0E57452",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zte:gan9.8t101a-b_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ABF80049-ED6B-4161-AA35-1460E1EA7E50",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zte:gan9.8t101a-b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1C73083E-D6FA-4AB2-8C21-22101232AC67",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zte:mf28g_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5C233563-DBCE-4DC5-B28C-C7EFABDB11D4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zte:mf28g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5EAFEC2D-3EBF-43D8-A662-A8D206A1E885",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zte:zxhn_h108n_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A4D2542D-8293-415B-903E-2F21F0D76B1D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zte:zxhn_h108n:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6094FC9D-0E19-499B-8D3E-7C1BF5D7FEBD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "ZTE OX-330P, ZXHN H108N, W300V1.0.0S_ZRD_TR1_D68, HG110, GAN9.8T101A-B, MF28G, ZXHN H108N use non-unique X.509 certificates and SSH host keys, which might allow remote attackers to obtain credentials or other sensitive information via a man-in-the-middle attack, passive decryption attack, or impersonating a legitimate device."
},
{
"lang": "es",
"value": "ZTE OX-330P, ZXHN H108N, W300V1.0.0S_ZRD_TR1_D68, HG110, GAN9.8T101A-B, MF28G, y ZXHN H108N utilizan certificados X.509 no \u00fanicos y claves de host SSH, lo que puede permitir a los atacantes remotos que obtengan credenciales u otra informaci\u00f3n sensible a trav\u00e9s de un ataque Man-in-the-Middle (MitM), un ataque de descifrado pasivo o mediante la suplantaci\u00f3n de un dispositivo leg\u00edtimo."
}
],
"id": "CVE-2015-7255",
"lastModified": "2024-11-21T02:36:26.760",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-08-29T15:29:00.517",
"references": [
{
"source": "cret@cert.org",
"tags": [
"Mitigation",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/566724"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/sec-consult/houseofkeys/search?p=3\u0026q=zte\u0026type=\u0026utf8=%E2%9C%93"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.kb.cert.org/vuls/id/BLUU-A2NQYR"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/566724"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/sec-consult/houseofkeys/search?p=3\u0026q=zte\u0026type=\u0026utf8=%E2%9C%93"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.kb.cert.org/vuls/id/BLUU-A2NQYR"
}
],
"sourceIdentifier": "cret@cert.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-06-20 00:29
Modified
2024-11-21 03:25
Severity ?
Summary
WiMAX routers based on the MediaTek SDK (libmtk) that use a custom httpd plugin are vulnerable to an authentication bypass allowing a remote, unauthenticated attacker to gain administrator access to the device by performing an administrator password change on the device via a crafted POST request.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cret@cert.org | http://blog.sec-consult.com/2017/06/ghosts-from-past-authentication-bypass.html | Third Party Advisory | |
| cret@cert.org | http://www.kb.cert.org/vuls/id/350135 | Mitigation, Third Party Advisory, US Government Resource | |
| cret@cert.org | https://sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20170607-0_Various_WiMAX_CPEs_Authentication_Bypass_v10.txt | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://blog.sec-consult.com/2017/06/ghosts-from-past-authentication-bypass.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.kb.cert.org/vuls/id/350135 | Mitigation, Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20170607-0_Various_WiMAX_CPEs_Authentication_Bypass_v10.txt | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| greenpacket | ox350_firmware | - | |
| greenpacket | ox350 | - | |
| huawei | bm2022_firmware | - | |
| huawei | bm2022 | - | |
| huawei | hes-309m_firmware | - | |
| huawei | hes-309m | - | |
| huawei | hes-319m_firmware | - | |
| huawei | hes-319m | - | |
| huawei | hes-319m2w_firmware | - | |
| huawei | hes-319m2w | - | |
| huawei | hes-339m_firmware | - | |
| huawei | hes-339m | - | |
| mada | soho_wireless_router_firmware | - | |
| mada | soho_wireless_router | - | |
| zte | ox-330p_firmware | - | |
| zte | ox-330p | - | |
| zyxel | max218m_firmware | - | |
| zyxel | max218m | - | |
| zyxel | max218m1w_firmware | - | |
| zyxel | max218m1w | - | |
| zyxel | max218mw_firmware | - | |
| zyxel | max218mw | - | |
| zyxel | max308m_fimware | - | |
| zyxel | max308m | - | |
| zyxel | max318m_firmware | - | |
| zyxel | max318m | - | |
| zyxel | max338m_firmware | - | |
| zyxel | max338m | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:greenpacket:ox350_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0A81F52A-6DD6-4631-8733-9E47C6DAC87F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:greenpacket:ox350:-:*:*:*:*:*:*:*",
"matchCriteriaId": "327A0834-F46C-4E74-925C-D3EA1DE6941E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:bm2022_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A779549C-E231-44F7-94AB-AE12D63641E2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:bm2022:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B4F75E1B-DAA2-495B-B1CA-5228E3819F79",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:hes-309m_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F7239E02-7A4A-476B-AAF9-EF72D3A9407F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:hes-309m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7DA39FE7-9B9E-443A-B41A-CADDCC4F544C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:hes-319m_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "36923E11-A6AA-41C5-A3F7-8350A9053D86",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:hes-319m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0863C568-5A6A-4961-B628-299D0E7A54E7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:hes-319m2w_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "03234F0A-1CD6-4087-829A-2CB15022A200",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:hes-319m2w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4E48D770-DD54-4980-A8C4-359CF5DEF7A6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:hes-339m_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A3294BDE-B2FB-41DD-A6DE-B08B5278AA1B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:hes-339m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AAF51DF4-56DB-4EE9-95E4-FCFE040B3770",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mada:soho_wireless_router_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "16AB1DA5-2DB6-4892-896B-F630B0765989",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mada:soho_wireless_router:-:*:*:*:*:*:*:*",
"matchCriteriaId": "33FD7BD1-B005-4F24-962D-5337AFD740AE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zte:ox-330p_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EB20B496-6386-49B4-9103-45729D61F435",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zte:ox-330p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "952793D7-1F57-42F3-9379-F9A31289E4AE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:max218m_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F0F66ADE-21DF-49F0-A404-CE3EED23E178",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:max218m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CC4B3ACA-0373-4574-AEE1-16E4B8D1E3BA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:max218m1w_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4DE102CD-FFFA-4E9C-94E6-DDD3E1673A45",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:max218m1w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1DFAEDFB-E181-4B91-81A6-D105A401870A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:max218mw_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DE2DF253-7D1D-4C43-A209-681A8663044C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:max218mw:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1194BED0-101B-4B23-BA0A-BE635F5FA7F8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:max308m_fimware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4C0C8A2C-AA09-4326-A369-07895094BB0A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:max308m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5DF88B7A-4919-455F-804F-6C1A709B8147",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:max318m_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "52093480-956D-47D5-998F-68CE3CE69BDF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:max318m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "55246D23-CF70-4BE5-899D-72AE038DE262",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:max338m_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9523A7F1-4F6C-4597-BC02-BA3FE729530D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:max338m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "34CAEB05-E93D-45BB-9742-00CDBBCFBDE5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "WiMAX routers based on the MediaTek SDK (libmtk) that use a custom httpd plugin are vulnerable to an authentication bypass allowing a remote, unauthenticated attacker to gain administrator access to the device by performing an administrator password change on the device via a crafted POST request."
},
{
"lang": "es",
"value": "Los routers WiMAX basados en MediaTek SDK (libmtk) que emplean un plugin httpd personalizado son vulnerables a una omisi\u00f3n de autenticaci\u00f3n. Esto permite que un atacante remoto no autenticado obtenga acceso de administrador al dispositivo realizando un cambio de contrase\u00f1a de administrador en el dispositivo mediante una petici\u00f3n POST manipulada."
}
],
"id": "CVE-2017-3216",
"lastModified": "2024-11-21T03:25:03.387",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-06-20T00:29:00.267",
"references": [
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "http://blog.sec-consult.com/2017/06/ghosts-from-past-authentication-bypass.html"
},
{
"source": "cret@cert.org",
"tags": [
"Mitigation",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/350135"
},
{
"source": "cret@cert.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20170607-0_Various_WiMAX_CPEs_Authentication_Bypass_v10.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://blog.sec-consult.com/2017/06/ghosts-from-past-authentication-bypass.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/350135"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20170607-0_Various_WiMAX_CPEs_Authentication_Bypass_v10.txt"
}
],
"sourceIdentifier": "cret@cert.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-306"
}
],
"source": "cret@cert.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-306"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}