SEC Consult Security researchers have found a critical authentication bypass vulnerability that opens many WiMAX routers to remote attacks.
WiMAX (Worldwide Interoperability for Microwave Access) is a wireless industry coalition dedicated to the advancement of IEEE 802.16 standards for broadband wireless access (BWA) networks.
An attacker can obtain access to the device, reach the network behind it and start more attacks, add devices into a Mirai-like botnet or just easily spy on a user. This discovered flaw affects devices from GreenPacket, Huawei, MADA, ZTE, ZyXEL, and others. Some of the devices are accessible from the web.
The researchers found that several WiMAX routers are affected by a serious security issue that can be used by a remote attacker to change the router’s administrator password by sending a specifically crafted request to the router. The vulnerability is tracked as CVE-2017-3216.
There is no hint that affected vendors will publish any patches any time soon. Users are recommended to either change the devices or take steps to block remote access, like limiting access to trusted clients only and disabling remote device management features.