VAR-201706-0448
Vulnerability from variot - Updated: 2023-12-18 13:14
WiMAX routers based on the MediaTek SDK (libmtk) that use a custom httpd plugin are vulnerable to an authentication bypass allowing a remote, unauthenticated attacker to gain administrator access to the device by performing an administrator password change on the device via a crafted POST request. Multiple WiMAX routers that use a custom httpd plugin for libmtk contain an authentication bypass vulnerability. Specifically, the administrator password can be changed by sending a POST request to commit2.cgi with the ADMIN_PASSWD parameter set. According to the reporter, some of the surveyed products have remote management enabled by default; in that case, the device may be attacked from the Internet side. According to MediaTek, the vulnerable file is not included in the MediaTek SDK itself, and it is speculated that it was provided by a developer who built firmware using the SDK. See the reporter's blog article for details. As a result, an attacker may gain administrative privileges on the device. WiMAX (Worldwide Interoperability for Microwave Access) is a communication technology based on the IEEE-802.16 standard and can be used as an alternative to wired broadband services. The following products and versions are affected: ZyXEL MAX338M; ZyXEL MAX318M; ZyXEL MAX308M version 2.00(UUA.3)D0; ZyXEL MAX218MW version 2.00(UXD.2)D0; ZyXEL MAX218M1W version 2.00(UXE.3)D0; ZyXEL MAX218M version 2.00(UXG.0)D0; ZTE OX-330P; Mada Soho Wireless Router 2.10.13; Huawei HES-339M; Huawei HES-319M2W; Huawei HES-319M; Huawei HES-309M; Huawei BM2022 version 2.10.14; Green Packet OX-350
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201706-0448",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "max218m1w",
"scope": "eq",
"trust": 1.6,
"vendor": "zyxel",
"version": null
},
{
"model": "max218mw",
"scope": "eq",
"trust": 1.6,
"vendor": "zyxel",
"version": null
},
{
"model": "max338m",
"scope": "eq",
"trust": 1.6,
"vendor": "zyxel",
"version": null
},
{
"model": "max218m",
"scope": "eq",
"trust": 1.6,
"vendor": "zyxel",
"version": null
},
{
"model": "max308m fimware",
"scope": "eq",
"trust": 1.6,
"vendor": "zyxel",
"version": null
},
{
"model": "max318m",
"scope": "eq",
"trust": 1.6,
"vendor": "zyxel",
"version": null
},
{
"model": "ox350",
"scope": "eq",
"trust": 1.0,
"vendor": "greenpacket",
"version": null
},
{
"model": "ox-330p",
"scope": "eq",
"trust": 1.0,
"vendor": "zte",
"version": null
},
{
"model": "hes-319m",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": null
},
{
"model": "hes-339m",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": null
},
{
"model": "bm2022",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": null
},
{
"model": "hes-309m",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": null
},
{
"model": "hes-319m2w",
"scope": "eq",
"trust": 1.0,
"vendor": "huawei",
"version": null
},
{
"model": "soho wireless router",
"scope": "eq",
"trust": 1.0,
"vendor": "mada",
"version": null
},
{
"model": "soho wireless router",
"scope": "eq",
"trust": 0.9,
"vendor": "mada",
"version": "2.10.13"
},
{
"model": "ox-350",
"scope": "eq",
"trust": 0.9,
"vendor": "greenpacket",
"version": "0"
},
{
"model": "ox350",
"scope": "eq",
"trust": 0.9,
"vendor": "greenpacket",
"version": "0"
},
{
"model": "bm2022",
"scope": "eq",
"trust": 0.9,
"vendor": "huawei",
"version": "2.10.14"
},
{
"model": "hes-309m",
"scope": "eq",
"trust": 0.9,
"vendor": "huawei",
"version": "0"
},
{
"model": "hes-319m",
"scope": "eq",
"trust": 0.9,
"vendor": "huawei",
"version": "0"
},
{
"model": "hes-319m2w",
"scope": "eq",
"trust": 0.9,
"vendor": "huawei",
"version": "0"
},
{
"model": "hes-339m",
"scope": "eq",
"trust": 0.9,
"vendor": "huawei",
"version": "0"
},
{
"model": "ox-330p",
"scope": "eq",
"trust": 0.9,
"vendor": "zte",
"version": "0"
},
{
"model": "max218m 2.00 d0",
"scope": null,
"trust": 0.9,
"vendor": "zyxel",
"version": null
},
{
"model": "max218m1w 2.00 d0",
"scope": null,
"trust": 0.9,
"vendor": "zyxel",
"version": null
},
{
"model": "max218mw 2.00 d0",
"scope": null,
"trust": 0.9,
"vendor": "zyxel",
"version": null
},
{
"model": "max308m 2.00 d0",
"scope": null,
"trust": 0.9,
"vendor": "zyxel",
"version": null
},
{
"model": "max318m",
"scope": "eq",
"trust": 0.9,
"vendor": "zyxel",
"version": "0"
},
{
"model": "max338m",
"scope": "eq",
"trust": 0.9,
"vendor": "zyxel",
"version": "0"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "huawei",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "zte",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "ox-350",
"scope": null,
"trust": 0.8,
"vendor": "green packet",
"version": null
},
{
"model": "ox350",
"scope": null,
"trust": 0.8,
"vendor": "green packet",
"version": null
},
{
"model": "bm2022",
"scope": "eq",
"trust": 0.8,
"vendor": "huawei",
"version": "(version: v2.10.14)"
},
{
"model": "hes-309m",
"scope": null,
"trust": 0.8,
"vendor": "huawei",
"version": null
},
{
"model": "hes-319m",
"scope": null,
"trust": 0.8,
"vendor": "huawei",
"version": null
},
{
"model": "hes-319m2w",
"scope": null,
"trust": 0.8,
"vendor": "huawei",
"version": null
},
{
"model": "hes-339m",
"scope": null,
"trust": 0.8,
"vendor": "huawei",
"version": null
},
{
"model": "soho wireless router",
"scope": "eq",
"trust": 0.8,
"vendor": "mada",
"version": "(version: v2.10.13)"
},
{
"model": "ox-330p",
"scope": null,
"trust": 0.8,
"vendor": "zte",
"version": null
},
{
"model": "max218m",
"scope": "eq",
"trust": 0.8,
"vendor": "zyxel",
"version": "(version: 2.00(uxg.0)d0)"
},
{
"model": "max218m1w",
"scope": "eq",
"trust": 0.8,
"vendor": "zyxel",
"version": "(version: 2.00(uxe.3)d0)"
},
{
"model": "max218mw",
"scope": "eq",
"trust": 0.8,
"vendor": "zyxel",
"version": "(version: 2.00(uxd.2)d0)"
},
{
"model": "max308m",
"scope": "eq",
"trust": 0.8,
"vendor": "zyxel",
"version": "(version: 2.00(uua.3)d0)"
},
{
"model": "max318m",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "max338m",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#350135"
},
{
"db": "CNVD",
"id": "CNVD-2017-14427"
},
{
"db": "BID",
"id": "99078"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003883"
},
{
"db": "NVD",
"id": "CVE-2017-3216"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-793"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:greenpacket:ox350_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:greenpacket:ox350:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:huawei:bm2022_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:huawei:bm2022:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:huawei:hes-309m_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:huawei:hes-309m:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:huawei:hes-319m_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:huawei:hes-319m:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:huawei:hes-319m2w_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:huawei:hes-319m2w:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:huawei:hes-339m_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:huawei:hes-339m:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:mada:soho_wireless_router_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:mada:soho_wireless_router:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:zte:ox-330p_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:zte:ox-330p:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:zyxel:max218m_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:zyxel:max218m:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:zyxel:max218m1w_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:zyxel:max218m1w:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:zyxel:max218mw_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:zyxel:max218mw:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:zyxel:max308m_fimware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:zyxel:max308m:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:zyxel:max318m_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:zyxel:max318m:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:zyxel:max338m_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:zyxel:max338m:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-3216"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Stefan Viehb\u00f6ck, SEC Consult Vulnerability Lab",
"sources": [
{
"db": "BID",
"id": "99078"
}
],
"trust": 0.3
},
"cve": "CVE-2017-3216",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"availabilityRequirement": "NOT DEFINED",
"baseScore": 10.0,
"collateralDamagePotential": "NOT DEFINED",
"confidentialityImpact": "COMPLETE",
"confidentialityRequirement": "NOT DEFINED",
"enviromentalScore": 6.7,
"exploitability": "PROOF-OF-CONCEPT",
"exploitabilityScore": 10.0,
"id": "CVE-2017-3216",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"integrityRequirement": "NOT DEFINED",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"remediationLevel": "UNAVAILABLE",
"reportConfidence": "CONFIRMED",
"severity": "HIGH",
"targetDistribution": "MEDIUM",
"trust": 0.8,
"userInterationRequired": null,
"vector_string": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "JVNDB-2017-003883",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-14427",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-111419",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULMON",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2017-3216",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "HIGH",
"trust": 0.1,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2017-003883",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-3216",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2017-3216",
"trust": 0.8,
"value": "HIGH"
},
{
"author": "IPA",
"id": "JVNDB-2017-003883",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2017-14427",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201706-793",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-111419",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2017-3216",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#350135"
},
{
"db": "CNVD",
"id": "CNVD-2017-14427"
},
{
"db": "VULHUB",
"id": "VHN-111419"
},
{
"db": "VULMON",
"id": "CVE-2017-3216"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003883"
},
{
"db": "NVD",
"id": "CVE-2017-3216"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-793"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "WiMAX routers based on the MediaTek SDK (libmtk) that use a custom httpd plugin are vulnerable to an authentication bypass allowing a remote, unauthenticated attacker to gain administrator access to the device by performing an administrator password change on the device via a crafted POST request. Multiple WiMAX routers that use a custom httpd plugin for libmtk contain an authentication bypass vulnerability. Specifically, the administrator password can be changed by sending a POST request to commit2.cgi with the ADMIN_PASSWD parameter set. According to the reporter, some of the surveyed products have remote management enabled by default; in that case, the device may be attacked from the Internet side. According to MediaTek, the vulnerable file is not included in the MediaTek SDK itself, and it is speculated that it was provided by a developer who built firmware using the SDK. See the reporter's blog article for details. As a result, an attacker may gain administrative privileges on the device. WiMAX (Worldwide Interoperability for Microwave Access) is a communication technology based on the IEEE-802.16 standard and can be used as an alternative to wired broadband services. The following products and versions are affected: ZyXEL MAX338M; ZyXEL MAX318M; ZyXEL MAX308M version 2.00(UUA.3)D0; ZyXEL MAX218MW version 2.00(UXD.2)D0; ZyXEL MAX218M1W version 2.00(UXE.3)D0; ZyXEL MAX218M version 2.00(UXG.0)D0; ZTE OX-330P; Mada Soho Wireless Router 2.10.13; Huawei HES-339M; Huawei HES-319M2W; Huawei HES-319M; Huawei HES-309M; Huawei BM2022 version 2.10.14; Green Packet OX-350",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-3216"
},
{
"db": "CERT/CC",
"id": "VU#350135"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003883"
},
{
"db": "CNVD",
"id": "CNVD-2017-14427"
},
{
"db": "BID",
"id": "99078"
},
{
"db": "VULHUB",
"id": "VHN-111419"
},
{
"db": "VULMON",
"id": "CVE-2017-3216"
}
],
"trust": 3.33
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-3216",
"trust": 4.3
},
{
"db": "CERT/CC",
"id": "VU#350135",
"trust": 3.7
},
{
"db": "BID",
"id": "99078",
"trust": 1.1
},
{
"db": "JVN",
"id": "JVNVU92606107",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003883",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201706-793",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2017-14427",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-111419",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2017-3216",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#350135"
},
{
"db": "CNVD",
"id": "CNVD-2017-14427"
},
{
"db": "VULHUB",
"id": "VHN-111419"
},
{
"db": "VULMON",
"id": "CVE-2017-3216"
},
{
"db": "BID",
"id": "99078"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003883"
},
{
"db": "NVD",
"id": "CVE-2017-3216"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-793"
}
]
},
"id": "VAR-201706-0448",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-14427"
},
{
"db": "VULHUB",
"id": "VHN-111419"
}
],
"trust": 1.358968255333333
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-14427"
}
]
},
"last_update_date": "2023-12-18T13:14:15.752000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Threatpost",
"trust": 0.1,
"url": "https://threatpost.com/authentication-bypass-potential-backdoors-plague-old-wimax-routers/126135/"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2017-3216"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-306",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-111419"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003883"
},
{
"db": "NVD",
"id": "CVE-2017-3216"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.4,
"url": "https://sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20170607-0_various_wimax_cpes_authentication_bypass_v10.txt"
},
{
"trust": 3.4,
"url": "http://blog.sec-consult.com/2017/06/ghosts-from-past-authentication-bypass.html"
},
{
"trust": 3.0,
"url": "http://www.kb.cert.org/vuls/id/350135"
},
{
"trust": 0.9,
"url": "http://cwe.mitre.org/data/definitions/306.html"
},
{
"trust": 0.8,
"url": "http://www.huawei.com/en/psirt/security-notices/huawei-sn-20170608-01-wimax-en"
},
{
"trust": 0.8,
"url": "http://www.zyxel.com/support/announcement_vulnerability_cve_2017_3216.shtml"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-3216"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu92606107/index.html"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-3216"
},
{
"trust": 0.7,
"url": "http://www.securityfocus.com/bid/99078"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#350135"
},
{
"db": "CNVD",
"id": "CNVD-2017-14427"
},
{
"db": "VULHUB",
"id": "VHN-111419"
},
{
"db": "VULMON",
"id": "CVE-2017-3216"
},
{
"db": "BID",
"id": "99078"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003883"
},
{
"db": "NVD",
"id": "CVE-2017-3216"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-793"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#350135"
},
{
"db": "CNVD",
"id": "CNVD-2017-14427"
},
{
"db": "VULHUB",
"id": "VHN-111419"
},
{
"db": "VULMON",
"id": "CVE-2017-3216"
},
{
"db": "BID",
"id": "99078"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003883"
},
{
"db": "NVD",
"id": "CVE-2017-3216"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-793"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-06-07T00:00:00",
"db": "CERT/CC",
"id": "VU#350135"
},
{
"date": "2017-07-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-14427"
},
{
"date": "2017-06-20T00:00:00",
"db": "VULHUB",
"id": "VHN-111419"
},
{
"date": "2017-06-20T00:00:00",
"db": "VULMON",
"id": "CVE-2017-3216"
},
{
"date": "2017-06-07T00:00:00",
"db": "BID",
"id": "99078"
},
{
"date": "2017-06-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-003883"
},
{
"date": "2017-06-20T00:29:00.267000",
"db": "NVD",
"id": "CVE-2017-3216"
},
{
"date": "2017-06-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201706-793"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-07-24T00:00:00",
"db": "CERT/CC",
"id": "VU#350135"
},
{
"date": "2017-07-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-14427"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-111419"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULMON",
"id": "CVE-2017-3216"
},
{
"date": "2017-06-07T00:00:00",
"db": "BID",
"id": "99078"
},
{
"date": "2018-02-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-003883"
},
{
"date": "2019-10-09T23:27:24.010000",
"db": "NVD",
"id": "CVE-2017-3216"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201706-793"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201706-793"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Various WiMAX routers contain an authentication bypass vulnerability in custom libmtk httpd plugin",
"sources": [
{
"db": "CERT/CC",
"id": "VU#350135"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "access control error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201706-793"
}
],
"trust": 0.6
}
}
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.