WiMAX routers from several vendors making use of a custom httpd plugin for libmtk are vulnerable to an authentication bypass allowing a remote, unauthenticated attacker to change the administrator password on the device.
CWE-306: Missing Authentication for Critical Function - CVE-2017-3216
Several WiMAX routers making use of a custom httpd plugin for libmtk (the MediaTek SDK library) are vulnerable to an authentication bypass that allows a remote, unauthenticated attacker to change the administrator password on the device.
A remote, unauthenticated attacker may gain administrator access to the device after changing the administrator password on the device with a crafted POST request.
The CERT/CC is currently unaware of a practical solution to this problem. Consider the following workarounds instead.
Restrict network access
Thanks to Stefan Viehböck, SEC Consult Vulnerability Lab, for reporting this vulnerability.
This document was written by Garret Wassermann.
|Date First Published:||2017-06-07|
|Date Last Updated:||2017-07-24 16:14 UTC|