CVE-2017-3216

high-risk

Published 2017-06-20

WiMAX routers based on the MediaTek SDK (libmtk) that use a custom httpd plugin are vulnerable to an authentication bypass allowing a remote, unauthenticated attacker to gain administrator access to the device by performing an administrator password change on the device via a crafted POST request.

Do I need to act?

3.2% chance of exploitation in next 30 days

EPSS score — moderate exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 9.8/10 Critical

NETWORK / LOW complexity

Affected Products (14)

Hes-309M Firmware

Hes-319M2W Firmware

Max218M1W Firmware

Max218Mw Firmware

Max318M Firmware

Max338M Firmware

Ox350 Firmware

Bm2022 Firmware

Hes-319M Firmware

Hes-339M Firmware

Soho Wireless Router Firmware

Ox-330P Firmware

Max218M Firmware

Max308M Fimware

Affected Vendors

Huawei Greenpacket Zte Zyxel Mada

References (6)

Third Party Advisory http://blog.sec-consult.com/2017/06/ghosts-from-past-authentication-bypass.html

Mitigation http://www.kb.cert.org/vuls/id/350135

Exploit https://sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20170607-0_Va...

Third Party Advisory http://blog.sec-consult.com/2017/06/ghosts-from-past-authentication-bypass.html

Mitigation http://www.kb.cert.org/vuls/id/350135

Exploit https://sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20170607-0_Va...

/ 100

high-risk

Severity 32/34 · Critical

Exploitability 6/34 · Minimal

Exposure 18/34 · Moderate