WiMAX.CPEs.commit2.cgi.Authentication.Bypass
Description
This indicates an attack attempt to exploit an Authentication Bypass vulnerability in WiMAX routers.
The vulnerability is due to insufficient sanitizing of HTTP POST requests sent to commit2.cgi. A remote attacker can potentially make arbitrary changes to the system.
Affected Products
GreenPacket OX350
GreenPacket OX-350
Huawei BM2022 (Version: v2.10.14)
Huawei HES-309M
Huawei HES-319M
Huawei HES-319M2W
Huawei HES-339M
MADA Soho Wireless Router (Version: v2.10.13)
ZTE OX-330P
ZyXEL MAX218M (Version: 2.00(UXG.0)D0)
ZyXEL MAX218M1W (Version: 2.00(UXE.3)D0)
ZyXEL MAX218MW (Version: 2.00(UXD.2)D0)
ZyXEL MAX308M (Version: 2.00(UUA.3)D0)
ZyXEL MAX318M
ZyXEL MAX338M
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
Currently we are unaware of any vendor supplied patch for this issue.
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |