cbcvebase.
CVE-2017-3216
published 2017-06-20

CVE-2017-3216: WiMAX routers based on the MediaTek SDK (libmtk) that use a custom httpd plugin are vulnerable to an authentication bypass allowing a remote, unauthenticated…

PriorityP267critical9.8CVSS 3.0
AVNACLPRNUINSUCHIHAH
EPSS
5.17%
91.4th percentile
WiMAX routers based on the MediaTek SDK (libmtk) that use a custom httpd plugin are vulnerable to an authentication bypass allowing a remote, unauthenticated attacker to gain administrator access to the device by performing an administrator password change on the device via a crafted POST request.

Affected

16 ranges
VendorProductVersion rangeFixed in
green_packetox350
huawei_technologiesbm2022
huawei_technologieshes-309m
huawei_technologieshes-319m
huawei_technologieshes-319m2w
huawei_technologieshes-339m
madasoho_wireless_router
mozillafirefox>= 0 < 52.0.2+build1-0ubuntu0.14.04.152.0.2+build1-0ubuntu0.14.04.1
mozillafirefox>= 0 < 52.0.2+build1-0ubuntu0.16.04.152.0.2+build1-0ubuntu0.16.04.1
zteox-330p
zyxelmax218m
zyxelmax218m1w
zyxelmax218mw
zyxelmax308m
zyxelmax318m
zyxelmax338m

CVSS provenance

nvdv3.09.8CRITICALCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.010.0CRITICALAV:N/AC:L/Au:N/C:C/I:C/A:C
osv9.8CRITICAL
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.