CVE-2017-3216

Name of the Vulnerable Software and Affected Versions libmtk (MediaTek SDK) versions (affected versions not specified)

Description The issue is related to weaknesses in the authentication procedure of the http module for libmtk, which is used in WiMAX routers based on the MediaTek SDK. This allows a remote attacker to bypass authentication and gain administrator access to the device. The exploitation involves sending a specially crafted POST request to the commit2.cgi script with a new password in the ADMIN POST parameter, effectively changing the administrator password.

Recommendations For libmtk (MediaTek SDK), at the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting access to the commit2.cgi script to minimize the risk of exploitation. Avoid using the ADMIN POST parameter in the affected POST request until the issue is resolved.