QwikSec

Security Database

CVE

CWE

Training

CVE-2011-0886

Published: Feb 8, 2011

Modified: Aug 6, 2024

PUBLISHED

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in the web interface on the SMC SMCD3G-CCR (aka Comcast Business Gateway) with firmware before 1.4.0.49.2 allow remote attackers to (1) hijack the intranet connectivity of arbitrary users for requests that perform a login via goform/login, or hijack the authentication of administrators for requests that (2) enable external logins via an mso_remote_enable action to goform/RemoteRange or (3) change DNS settings via a manual_dns_enable action to goform/Basic.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

20110204 TWSL2011-002:Vulnerabilities in Comcast DOCSIS 3.0 Business Gateways (SMCD3G-CCR)

mailing-list

x_refsource_BUGTRAQ

smcd3gccr-interface-csrf(65185)

vdb-entry

x_refsource_XF

third-party-advisory

x_refsource_SECUNIA

third-party-advisory

x_refsource_SREASON

vdb-entry

x_refsource_BID

exploit

x_refsource_EXPLOIT-DB

20110205 TWSL2011-002:Vulnerabilities in Comcast DOCSIS 3.0 Business Gateways (SMCD3G-CCR)

mailing-list

x_refsource_BUGTRAQ

https://www.trustwave.com/spiderlabs/advisories/TWSL2011-002.txt

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.