WiMAX routers from several vendors making use of a custom httpd plugin for libmtk are vulnerable to an authentication bypass allowing a remote, unauthenticated attacker to change the administrator password on the device.
CWE-306: Missing Authentication for Critical Function - CVE-2017-3216
Several WiMAX routers making use of a custom httpd plugin for libmtk (the MediaTek SDK library) are vulnerable to an authentication bypass that allows a remote, unauthenticated attacker to change the administrator password on the device.
A remote, unauthenticated attacker may gain administrator access to the device after changing its administrator password with a crafted POST request.
The CERT/CC is currently unaware of a practical solution to this problem. Consider the following workarounds instead.
Restrict network access
Thanks to Stefan Viehböck, SEC Consult Vulnerability Lab, for reporting this vulnerability.
|Date First Published:|2017-06-07|
|Date Last Updated:|2017-07-24 16:14 UTC|