CVE-2017-3216: CVE-2017-3216

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2017-3216

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

WiMAX routers based on the MediaTek SDK (libmtk) that use a custom httpd plugin are vulnerable to an authentication bypass allowing a remote, unauthenticated attacker to gain administrator access to the device by performing an administrator password change on the device via a crafted POST request.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

关键功能的认证机制缺失

Source: NVD (National Vulnerability Database)

Vulnerability Title

多款WiMAX路由器安全漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

WiMAX routers based on the MediaTek SDK (libmtk)是一种WiMAX（全球微波互联接入）类型的路由器。基于MediaTek SDK的多款WiMAX路由器存在安全漏洞。攻击者可通过更改管理员密码利用该漏洞获取管理员的访问权限。以下产品和版本受到影响：ZyXEL MAX338M；ZyXEL MAX318M；ZyXEL MAX308M 2.00(UUA.3)D0版本；ZyXEL MAX218MW 2.00(UXD.2)D0版本；ZyXEL MAX218M1W 2.0

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE
Huawei Technologies	BM2022	2.10.14	-
Huawei Technologies	HES-309M	unknown	-
Huawei Technologies	HES-319M	unknown	-
Huawei Technologies	HES-319M2W	unknown	-
Huawei Technologies	HES-339M	unknown	-
Green Packet	OX350	unknown	-
ZTE	OX-330P	unknown	-
ZyXEL	MAX218M	2.00(UXG.0)D0	-
ZyXEL	MAX218M1W	2.00(UXE.3)D0	-
ZyXEL	MAX218MW	2.00(UXD.2)D0	-
ZyXEL	MAX308M	2.00(UUA.3)D0	-
ZyXEL	MAX318M	unknown	-
ZyXEL	MAX338M	unknown	-
MADA	Soho Wireless Router	2.10.13	-

II. Public POCs for CVE-2017-3216

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2017-3216

Please Login to view more intelligence information

🔗 http://blog.sec-consult.com/2017/06/ghosts-from-past-authentication-bypass.htmlx_refsource_MISC
🔗 http://www.kb.cert.org/vuls/id/350135third-party-advisoryx_refsource_CERT-VN
https://nvd.nist.gov/vuln/detail/CVE-2017-3216

IV. Related Vulnerabilities

Same weakness: CWE-306

V. Comments for CVE-2017-3216

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

I. Basic Information for CVE-2017-3216

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2017-3216

III. Intelligence Information for CVE-2017-3216

IV. Related Vulnerabilities

V. Comments for CVE-2017-3216

Leave a comment