{"containers":{"cna":{"affected":[{"product":"BM2022","vendor":"Huawei Technologies","versions":[{"status":"affected","version":"2.10.14"}]},{"product":"HES-309M","vendor":"Huawei Technologies","versions":[{"status":"affected","version":"unknown"}]},{"product":"HES-319M","vendor":"Huawei Technologies","versions":[{"status":"affected","version":"unknown"}]},{"product":"HES-319M2W","vendor":"Huawei Technologies","versions":[{"status":"affected","version":"unknown"}]},{"product":"HES-339M","vendor":"Huawei Technologies","versions":[{"status":"affected","version":"unknown"}]},{"product":"OX350","vendor":"Green Packet","versions":[{"status":"affected","version":"unknown"}]},{"product":"OX-330P","vendor":"ZTE","versions":[{"status":"affected","version":"unknown"}]},{"product":"MAX218M","vendor":"ZyXEL","versions":[{"status":"affected","version":"2.00(UXG.0)D0"}]},{"product":"MAX218M1W","vendor":"ZyXEL","versions":[{"status":"affected","version":"2.00(UXE.3)D0"}]},{"product":"MAX218MW","vendor":"ZyXEL","versions":[{"status":"affected","version":"2.00(UXD.2)D0"}]},{"product":"MAX308M","vendor":"ZyXEL","versions":[{"status":"affected","version":"2.00(UUA.3)D0"}]},{"product":"MAX318M","vendor":"ZyXEL","versions":[{"status":"affected","version":"unknown"}]},{"product":"MAX338M","vendor":"ZyXEL","versions":[{"status":"affected","version":"unknown"}]},{"product":"Soho Wireless Router","vendor":"MADA","versions":[{"status":"affected","version":"2.10.13"}]}],"datePublic":"2017-06-07T00:00:00.000Z","descriptions":[{"lang":"en","value":"WiMAX routers based on the MediaTek SDK (libmtk) that use a custom httpd plugin are vulnerable to an authentication bypass allowing a remote, unauthenticated attacker to gain administrator access to the device by performing an administrator password change on the device via a crafted POST request."}],"problemTypes":[{"descriptions":[{"cweId":"CWE-306","description":"CWE-306","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2017-06-19T23:57:01.000Z","orgId":"37e5125f-f79b-445b-8fad-9564f167944b","shortName":"certcc"},"references":[{"tags":["x_refsource_MISC"],"url":"http://blog.sec-consult.com/2017/06/ghosts-from-past-authentication-bypass.html"},{"tags":["x_refsource_MISC"],"url":"https://sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20170607-0_Various_WiMAX_CPEs_Authentication_Bypass_v10.txt"},{"name":"VU#350135","tags":["third-party-advisory","x_refsource_CERT-VN"],"url":"http://www.kb.cert.org/vuls/id/350135"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"cert@cert.org","ID":"CVE-2017-3216","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"BM2022","version":{"version_data":[{"version_value":"2.10.14"}]}},{"product_name":"HES-309M","version":{"version_data":[{"version_value":"unknown"}]}},{"product_name":"HES-319M","version":{"version_data":[{"version_value":"unknown"}]}},{"product_name":"HES-319M2W","version":{"version_data":[{"version_value":"unknown"}]}},{"product_name":"HES-339M","version":{"version_data":[{"version_value":"unknown"}]}}]},"vendor_name":"Huawei Technologies"},{"product":{"product_data":[{"product_name":"OX350","version":{"version_data":[{"version_value":"unknown"}]}}]},"vendor_name":"Green Packet"},{"product":{"product_data":[{"product_name":"OX-330P","version":{"version_data":[{"version_value":"unknown"}]}}]},"vendor_name":"ZTE"},{"product":{"product_data":[{"product_name":"MAX218M","version":{"version_data":[{"version_value":"2.00(UXG.0)D0"}]}},{"product_name":"MAX218M1W","version":{"version_data":[{"version_value":"2.00(UXE.3)D0"}]}},{"product_name":"MAX218MW","version":{"version_data":[{"version_value":"2.00(UXD.2)D0"}]}},{"product_name":"MAX308M","version":{"version_data":[{"version_value":"2.00(UUA.3)D0"}]}},{"product_name":"MAX318M","version":{"version_data":[{"version_value":"unknown"}]}},{"product_name":"MAX338M","version":{"version_data":[{"version_value":"unknown"}]}}]},"vendor_name":"ZyXEL"},{"product":{"product_data":[{"product_name":"Soho Wireless Router","version":{"version_data":[{"version_value":"2.10.13"}]}}]},"vendor_name":"MADA"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"WiMAX routers based on the MediaTek SDK (libmtk) that use a custom httpd plugin are vulnerable to an authentication bypass allowing a remote, unauthenticated attacker to gain administrator access to the device by performing an administrator password change on the device via a crafted POST request."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-306"}]}]},"references":{"reference_data":[{"name":"http://blog.sec-consult.com/2017/06/ghosts-from-past-authentication-bypass.html","refsource":"MISC","url":"http://blog.sec-consult.com/2017/06/ghosts-from-past-authentication-bypass.html"},{"name":"https://sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20170607-0_Various_WiMAX_CPEs_Authentication_Bypass_v10.txt","refsource":"MISC","url":"https://sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20170607-0_Various_WiMAX_CPEs_Authentication_Bypass_v10.txt"},{"name":"VU#350135","refsource":"CERT-VN","url":"http://www.kb.cert.org/vuls/id/350135"}]}}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-05T14:16:28.271Z"},"title":"CVE Program Container","references":[{"tags":["x_refsource_MISC","x_transferred"],"url":"http://blog.sec-consult.com/2017/06/ghosts-from-past-authentication-bypass.html"},{"tags":["x_refsource_MISC","x_transferred"],"url":"https://sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20170607-0_Various_WiMAX_CPEs_Authentication_Bypass_v10.txt"},{"name":"VU#350135","tags":["third-party-advisory","x_refsource_CERT-VN","x_transferred"],"url":"http://www.kb.cert.org/vuls/id/350135"}]}]},"cveMetadata":{"assignerOrgId":"37e5125f-f79b-445b-8fad-9564f167944b","assignerShortName":"certcc","cveId":"CVE-2017-3216","datePublished":"2017-06-20T00:00:00.000Z","dateReserved":"2016-12-05T00:00:00.000Z","dateUpdated":"2024-08-05T14:16:28.271Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"}