6 matches found
CVE-2011-0885
A certain Comcast Business Gateway configuration of the SMC SMCD3G-CCR with firmware before 1.4.0.49.2 has a default password of D0nt4g3tme for the mso account, which makes it easier for remote attackers to obtain administrative access via the 1 web interface or 2 TELNET interface...
CVE-2011-0887
The web management portal on the SMC SMCD3G-CCR aka Comcast Business Gateway with firmware before 1.4.0.49.2 uses predictable session IDs based on time values, which makes it easier for remote attackers to hijack sessions via a brute-force attack on the userid cookie...
CVE-2011-0885
The CVE-2011-0885 entry affects Comcast DOCSIS 3.0 Business Gateway (SMCD3G-CCR) prior to firmware 1.4.0.49.2. Trustwave’s TWSL2011-002 describes a default credential flaw: the admin login is “mso” with password “D0nt4g3tme,” enabling remote administrative access via web or TELNET. The advisory a...
CVE-2011-0886
The CVE-2011-0886 entry refers to CSRF flaws in the Comcast DOCSIS 3.0 Business Gateway (SMCD3G-CCR) web interface prior to firmware 1.4.0.49.2. Vulnerabilities include: (1) login CSRF that can hijack intranet connectivity, (2) CSRF allowing remote admin activation via goform/RemoteRange, and (3)...
CVE-2011-0885
A certain Comcast Business Gateway configuration of the SMC SMCD3G-CCR with firmware before 1.4.0.49.2 has a default password of D0nt4g3tme for the mso account, which makes it easier for remote attackers to obtain administrative access via the 1 web interface or 2 TELNET interface...
CVE-2011-0887
The CVE-2011-0887 entry refers to the Comcast DOCSIS 3.0 Business Gateway (SMCD3G-CCR) web management portal. Affected firmware prior to 1.4.0.49.2 uses a predictable session ID (“userid” cookie) derived from epoch time, enabling brute-forcing to hijack active sessions. Trustwave’s SpiderLabs adv...