WiMAX.CPEs.commit2.cgi.Authentication.Bypass

description-logoDescription

This indicates an attack attempt to exploit an Authentication Bypass vulnerability in WiMAX routers.
The vulnerability is due to insufficient sanitizing of HTTP POST requests sent to commit2.cgi. A remote attacker can potentially make arbitrary changes to the system.

affected-products-logoAffected Products

GreenPacket OX350
GreenPacket OX-350
Huawei BM2022 (Version: v2.10.14)
Huawei HES-309M
Huawei HES-319M
Huawei HES-319M2W
Huawei HES-339M
MADA Soho Wireless Router (Version: v2.10.13)
ZTE OX-330P
ZyXEL MAX218M (Version: 2.00(UXG.0)D0)
ZyXEL MAX218M1W (Version: 2.00(UXE.3)D0)
ZyXEL MAX218MW (Version: 2.00(UXD.2)D0)
ZyXEL MAX308M (Version: 2.00(UUA.3)D0)
ZyXEL MAX318M
ZyXEL MAX338M

Impact logoImpact

System Compromise: Remote attackers can gain control of vulnerable systems.

recomended-action-logoRecommended Actions

Currently we are unaware of any vendor supplied patch for this issue.

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)