var-201706-0448
Vulnerability from variot
WiMAX routers based on the MediaTek SDK (libmtk) that use a custom httpd plugin are vulnerable to an authentication bypass allowing a remote, unauthenticated attacker to gain administrator access to the device by performing an administrator password change on the device via a crafted POST request. libmtk For httpd Multiple using plug-ins WiMAX The router contains an authentication bypass vulnerability. In particular commit2.cgi Against ADMIN_PASSWD A parameter was set POST You can change the administrator password by sending a request. According to the reporter, some of the surveyed products are initially enabled for remote management. In this case, there is a possibility of being attacked from the Internet side. MediaTek According to the company, the vulnerable file MediaTek SDK It is not included in itself, SDK It is speculated that it was provided by the developer who developed the firmware using. Details of the reporter blog See article. As a result, you may gain administrative privileges on the device. WiMAX (Worldwide Interoperability for Microwave Access) is a communication technology based on the IEEE-802.16 standard and can be used as an alternative to wired broadband services. The following products and versions are affected: ZyXEL MAX338M; ZyXEL MAX318M; ZyXEL MAX308M Version 2.00(UUA.3)D0; ZyXEL MAX218MW Version 2.00(UXD.2)D0; ZyXEL MAX218M1W Version 2.00(UXE.3)D0; ZyXEL MAX218M Version 2.00( UXG.0)D0 version; ZTE OX-330P; Mada Soho Wireless Router 2.10.13; Huawei HES-339M; Huawei HES-319M2W; Huawei HES-319M; Huawei HES-309M; Huawei BM2022 version 2.10.14; Green Packet OX-350
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201706-0448",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "max218m1w",
"scope": "eq",
"trust": 1.6,
"vendor": "zyxel",
"version": null
},
{
"model": "max218mw",
"scope": "eq",
"trust": 1.6,
"vendor": "zyxel",
"version": null
},
{
"model": "max338m",
"scope": "eq",
"trust": 1.6,
"vendor": "zyxel",
"version": null
},
{
"model": "max218m",
"scope": "eq",
"trust": 1.6,
"vendor": "zyxel",
"version": null
},
{
"model": "max308m fimware",
"scope": "eq",
"trust": 1.6,
"vendor": "zyxel",
"version": null
},
{
"model": "max318m",
"scope": "eq",
"trust": 1.6,
"vendor": "zyxel",
"version": null
},
{
"model": "ox350",
"scope": "eq",
"trust": 1.0,
"vendor": "greenpacket",
"version": null
},
{
"model": "ox-330p",
"scope": "eq",
"trust": 1.0,
"vendor": "zte",
"version": null
},
{
"model": "hes-319m",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": null
},
{
"model": "hes-339m",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": null
},
{
"model": "bm2022",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": null
},
{
"model": "hes-309m",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": null
},
{
"model": "hes-319m2w",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": null
},
{
"model": "soho wireless router",
"scope": "eq",
"trust": 1.0,
"vendor": "mada",
"version": null
},
{
"model": "soho wireless router",
"scope": "eq",
"trust": 0.9,
"vendor": "mada",
"version": "2.10.13"
},
{
"model": "ox-350",
"scope": "eq",
"trust": 0.9,
"vendor": "greenpacket",
"version": "0"
},
{
"model": "ox350",
"scope": "eq",
"trust": 0.9,
"vendor": "greenpacket",
"version": "0"
},
{
"model": "bm2022",
"scope": "eq",
"trust": 0.9,
"vendor": "huawei",
"version": "2.10.14"
},
{
"model": "hes-309m",
"scope": "eq",
"trust": 0.9,
"vendor": "huawei",
"version": "0"
},
{
"model": "hes-319m",
"scope": "eq",
"trust": 0.9,
"vendor": "huawei",
"version": "0"
},
{
"model": "hes-319m2w",
"scope": "eq",
"trust": 0.9,
"vendor": "huawei",
"version": "0"
},
{
"model": "hes-339m",
"scope": "eq",
"trust": 0.9,
"vendor": "huawei",
"version": "0"
},
{
"model": "ox-330p",
"scope": "eq",
"trust": 0.9,
"vendor": "zte",
"version": "0"
},
{
"model": "max218m 2.00 d0",
"scope": null,
"trust": 0.9,
"vendor": "zyxel",
"version": null
},
{
"model": "max218m1w 2.00 d0",
"scope": null,
"trust": 0.9,
"vendor": "zyxel",
"version": null
},
{
"model": "max218mw 2.00 d0",
"scope": null,
"trust": 0.9,
"vendor": "zyxel",
"version": null
},
{
"model": "max308m 2.00 d0",
"scope": null,
"trust": 0.9,
"vendor": "zyxel",
"version": null
},
{
"model": "max318m",
"scope": "eq",
"trust": 0.9,
"vendor": "zyxel",
"version": "0"
},
{
"model": "max338m",
"scope": "eq",
"trust": 0.9,
"vendor": "zyxel",
"version": "0"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "huawei",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "zte",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "ox-350",
"scope": null,
"trust": 0.8,
"vendor": "green packet",
"version": null
},
{
"model": "ox350",
"scope": null,
"trust": 0.8,
"vendor": "green packet",
"version": null
},
{
"model": "bm2022",
"scope": "eq",
"trust": 0.8,
"vendor": "huawei",
"version": "(version: v2.10.14)"
},
{
"model": "hes-309m",
"scope": null,
"trust": 0.8,
"vendor": "huawei",
"version": null
},
{
"model": "hes-319m",
"scope": null,
"trust": 0.8,
"vendor": "huawei",
"version": null
},
{
"model": "hes-319m2w",
"scope": null,
"trust": 0.8,
"vendor": "huawei",
"version": null
},
{
"model": "hes-339m",
"scope": null,
"trust": 0.8,
"vendor": "huawei",
"version": null
},
{
"model": "soho wireless router",
"scope": "eq",
"trust": 0.8,
"vendor": "mada",
"version": "(version: v2.10.13)"
},
{
"model": "ox-330p",
"scope": null,
"trust": 0.8,
"vendor": "zte",
"version": null
},
{
"model": "max218m",
"scope": "eq",
"trust": 0.8,
"vendor": "zyxel",
"version": "(version: 2.00(uxg.0)d0)"
},
{
"model": "max218m1w",
"scope": "eq",
"trust": 0.8,
"vendor": "zyxel",
"version": "(version: 2.00(uxe.3)d0)"
},
{
"model": "max218mw",
"scope": "eq",
"trust": 0.8,
"vendor": "zyxel",
"version": "(version: 2.00(uxd.2)d0)"
},
{
"model": "max308m",
"scope": "eq",
"trust": 0.8,
"vendor": "zyxel",
"version": "(version: 2.00(uua.3)d0)"
},
{
"model": "max318m",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "max338m",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#350135"
},
{
"db": "CNVD",
"id": "CNVD-2017-14427"
},
{
"db": "BID",
"id": "99078"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003883"
},
{
"db": "NVD",
"id": "CVE-2017-3216"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-793"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:greenpacket:ox350_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:greenpacket:ox350:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:huawei:bm2022_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:huawei:bm2022:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:huawei:hes-309m_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:huawei:hes-309m:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:huawei:hes-319m_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:huawei:hes-319m:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:huawei:hes-319m2w_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:huawei:hes-319m2w:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:huawei:hes-339m_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:huawei:hes-339m:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:mada:soho_wireless_router_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:mada:soho_wireless_router:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:zte:ox-330p_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:zte:ox-330p:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:zyxel:max218m_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:zyxel:max218m:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:zyxel:max218m1w_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:zyxel:max218m1w:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:zyxel:max218mw_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:zyxel:max218mw:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:zyxel:max308m_fimware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:zyxel:max308m:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:zyxel:max318m_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:zyxel:max318m:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:zyxel:max338m_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:zyxel:max338m:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-3216"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Stefan Viehb\u00f6ck, SEC Consult Vulnerability Lab",
"sources": [
{
"db": "BID",
"id": "99078"
}
],
"trust": 0.3
},
"cve": "CVE-2017-3216",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"availabilityRequirement": "NOT DEFINED",
"baseScore": 10.0,
"collateralDamagePotential": "NOT DEFINED",
"confidentialityImpact": "COMPLETE",
"confidentialityRequirement": "NOT DEFINED",
"enviromentalScore": 6.7,
"exploitability": "PROOF-OF-CONCEPT",
"exploitabilityScore": 10.0,
"id": "CVE-2017-3216",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"integrityRequirement": "NOT DEFINED",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"remediationLevel": "UNAVAILABLE",
"reportConfidence": "CONFIRMED",
"severity": "HIGH",
"targetDistribution": "MEDIUM",
"trust": 0.8,
"userInterationRequired": null,
"vector_string": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "JVNDB-2017-003883",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-14427",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-111419",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULMON",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2017-3216",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "HIGH",
"trust": 0.1,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2017-003883",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-3216",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2017-3216",
"trust": 0.8,
"value": "HIGH"
},
{
"author": "IPA",
"id": "JVNDB-2017-003883",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2017-14427",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201706-793",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-111419",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2017-3216",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#350135"
},
{
"db": "CNVD",
"id": "CNVD-2017-14427"
},
{
"db": "VULHUB",
"id": "VHN-111419"
},
{
"db": "VULMON",
"id": "CVE-2017-3216"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003883"
},
{
"db": "NVD",
"id": "CVE-2017-3216"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-793"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "WiMAX routers based on the MediaTek SDK (libmtk) that use a custom httpd plugin are vulnerable to an authentication bypass allowing a remote, unauthenticated attacker to gain administrator access to the device by performing an administrator password change on the device via a crafted POST request. libmtk For httpd Multiple using plug-ins WiMAX The router contains an authentication bypass vulnerability. In particular commit2.cgi Against ADMIN_PASSWD A parameter was set POST You can change the administrator password by sending a request. According to the reporter, some of the surveyed products are initially enabled for remote management. In this case, there is a possibility of being attacked from the Internet side. MediaTek According to the company, the vulnerable file MediaTek SDK It is not included in itself, SDK It is speculated that it was provided by the developer who developed the firmware using. Details of the reporter blog See article. As a result, you may gain administrative privileges on the device. WiMAX (Worldwide Interoperability for Microwave Access) is a communication technology based on the IEEE-802.16 standard and can be used as an alternative to wired broadband services. The following products and versions are affected: ZyXEL MAX338M; ZyXEL MAX318M; ZyXEL MAX308M Version 2.00(UUA.3)D0; ZyXEL MAX218MW Version 2.00(UXD.2)D0; ZyXEL MAX218M1W Version 2.00(UXE.3)D0; ZyXEL MAX218M Version 2.00( UXG.0)D0 version; ZTE OX-330P; Mada Soho Wireless Router 2.10.13; Huawei HES-339M; Huawei HES-319M2W; Huawei HES-319M; Huawei HES-309M; Huawei BM2022 version 2.10.14; Green Packet OX-350",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-3216"
},
{
"db": "CERT/CC",
"id": "VU#350135"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003883"
},
{
"db": "CNVD",
"id": "CNVD-2017-14427"
},
{
"db": "BID",
"id": "99078"
},
{
"db": "VULHUB",
"id": "VHN-111419"
},
{
"db": "VULMON",
"id": "CVE-2017-3216"
}
],
"trust": 3.33
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-3216",
"trust": 4.3
},
{
"db": "CERT/CC",
"id": "VU#350135",
"trust": 3.7
},
{
"db": "BID",
"id": "99078",
"trust": 1.1
},
{
"db": "JVN",
"id": "JVNVU92606107",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003883",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201706-793",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2017-14427",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-111419",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2017-3216",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#350135"
},
{
"db": "CNVD",
"id": "CNVD-2017-14427"
},
{
"db": "VULHUB",
"id": "VHN-111419"
},
{
"db": "VULMON",
"id": "CVE-2017-3216"
},
{
"db": "BID",
"id": "99078"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003883"
},
{
"db": "NVD",
"id": "CVE-2017-3216"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-793"
}
]
},
"id": "VAR-201706-0448",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-14427"
},
{
"db": "VULHUB",
"id": "VHN-111419"
}
],
"trust": 1.358968255333333
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-14427"
}
]
},
"last_update_date": "2023-12-18T13:14:15.752000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Threatpost",
"trust": 0.1,
"url": "https://threatpost.com/authentication-bypass-potential-backdoors-plague-old-wimax-routers/126135/"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2017-3216"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-306",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-111419"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003883"
},
{
"db": "NVD",
"id": "CVE-2017-3216"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.4,
"url": "https://sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20170607-0_various_wimax_cpes_authentication_bypass_v10.txt"
},
{
"trust": 3.4,
"url": "http://blog.sec-consult.com/2017/06/ghosts-from-past-authentication-bypass.html"
},
{
"trust": 3.0,
"url": "http://www.kb.cert.org/vuls/id/350135"
},
{
"trust": 0.9,
"url": "http://cwe.mitre.org/data/definitions/306.html"
},
{
"trust": 0.8,
"url": "http://www.huawei.com/en/psirt/security-notices/huawei-sn-20170608-01-wimax-en"
},
{
"trust": 0.8,
"url": "http://www.zyxel.com/support/announcement_vulnerability_cve_2017_3216.shtml"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-3216"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu92606107/index.html"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-3216"
},
{
"trust": 0.7,
"url": "http://www.securityfocus.com/bid/99078"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#350135"
},
{
"db": "CNVD",
"id": "CNVD-2017-14427"
},
{
"db": "VULHUB",
"id": "VHN-111419"
},
{
"db": "VULMON",
"id": "CVE-2017-3216"
},
{
"db": "BID",
"id": "99078"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003883"
},
{
"db": "NVD",
"id": "CVE-2017-3216"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-793"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#350135"
},
{
"db": "CNVD",
"id": "CNVD-2017-14427"
},
{
"db": "VULHUB",
"id": "VHN-111419"
},
{
"db": "VULMON",
"id": "CVE-2017-3216"
},
{
"db": "BID",
"id": "99078"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003883"
},
{
"db": "NVD",
"id": "CVE-2017-3216"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-793"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-06-07T00:00:00",
"db": "CERT/CC",
"id": "VU#350135"
},
{
"date": "2017-07-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-14427"
},
{
"date": "2017-06-20T00:00:00",
"db": "VULHUB",
"id": "VHN-111419"
},
{
"date": "2017-06-20T00:00:00",
"db": "VULMON",
"id": "CVE-2017-3216"
},
{
"date": "2017-06-07T00:00:00",
"db": "BID",
"id": "99078"
},
{
"date": "2017-06-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-003883"
},
{
"date": "2017-06-20T00:29:00.267000",
"db": "NVD",
"id": "CVE-2017-3216"
},
{
"date": "2017-06-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201706-793"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-07-24T00:00:00",
"db": "CERT/CC",
"id": "VU#350135"
},
{
"date": "2017-07-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-14427"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-111419"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULMON",
"id": "CVE-2017-3216"
},
{
"date": "2017-06-07T00:00:00",
"db": "BID",
"id": "99078"
},
{
"date": "2018-02-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-003883"
},
{
"date": "2019-10-09T23:27:24.010000",
"db": "NVD",
"id": "CVE-2017-3216"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201706-793"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201706-793"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Various WiMAX routers contain a authentication bypass vulnerability in custom libmtk httpd plugin",
"sources": [
{
"db": "CERT/CC",
"id": "VU#350135"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "access control error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201706-793"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.