N/A

WiMAX routers based on the MediaTek SDK (libmtk) that use a custom httpd plugin are vulnerable to an authentication bypass allowing a remote, unauthenticated attacker to gain administrator access to the device by performing an administrator password change on the device via a crafted POST request.

N/A

关键功能的认证机制缺失

多款WiMAX路由器安全漏洞

WiMAX routers based on the MediaTek SDK (libmtk)是一种WiMAX（全球微波互联接入）类型的路由器。 基于MediaTek SDK的多款WiMAX路由器存在安全漏洞。攻击者可通过更改管理员密码利用该漏洞获取管理员的访问权限。以下产品和版本受到影响：ZyXEL MAX338M；ZyXEL MAX318M；ZyXEL MAX308M 2.00(UUA.3)D0版本；ZyXEL MAX218MW 2.00(UXD.2)D0版本；ZyXEL MAX218M1W 2.0

N/A

N/A