Older WiMAX-Based Routers May Be Vulnerable to Authentication Bypass

SEC Consult researchers recently discovered between 50,000 and 100,000 WiMAX-based routers exposing their administrative interface to the internet. These routers contain a security flaw, CVE-2017-3216, that makes them vulnerable to an authentication bypass that could allow a remote actor to gain access to the device, change the admin credentials, spy on users, or install malware. The NJCCIC recommends owners and operators of vulnerable WiMAX-based routers review the SEC Consult technical advisory and consider decommissioning affected devices.