EUVD-2011-0898

Malware in sbrugna...

CVE-2011-0887

The web management portal on the SMC SMCD3G-CCR aka Comcast Business Gateway with firmware before 1.4.0.49.2 uses predictable session IDs based on time values, which makes it easier for remote attackers to hijack sessions via a brute-force attack on the userid cookie...

CVE-2011-0886

Multiple cross-site request forgery CSRF vulnerabilities in the web interface on the SMC SMCD3G-CCR aka Comcast Business Gateway with firmware before 1.4.0.49.2 allow remote attackers to 1 hijack the intranet connectivity of arbitrary users for requests that perform a login via goform/login, or...

Default credentials

A certain Comcast Business Gateway configuration of the SMC SMCD3G-CCR with firmware before 1.4.0.49.2 has a default password of D0nt4g3tme for the mso account, which makes it easier for remote attackers to obtain administrative access via the 1 web interface or 2 TELNET interface...

Cross site request forgery (csrf)

Multiple cross-site request forgery CSRF vulnerabilities in the web interface on the SMC SMCD3G-CCR aka Comcast Business Gateway with firmware before 1.4.0.49.2 allow remote attackers to 1 hijack the intranet connectivity of arbitrary users for requests that perform a login via goform/login, or...

CVE-2011-0887

The web management portal on the SMC SMCD3G-CCR aka Comcast Business Gateway with firmware before 1.4.0.49.2 uses predictable session IDs based on time values, which makes it easier for remote attackers to hijack sessions via a brute-force attack on the userid cookie...

CVE-2011-0886

Multiple cross-site request forgery CSRF vulnerabilities in the web interface on the SMC SMCD3G-CCR aka Comcast Business Gateway with firmware before 1.4.0.49.2 allow remote attackers to 1 hijack the intranet connectivity of arbitrary users for requests that perform a login via goform/login, or...

CVE-2011-0887

The CVE-2011-0887 entry refers to the Comcast DOCSIS 3.0 Business Gateway (SMCD3G-CCR) web management portal. Affected firmware prior to 1.4.0.49.2 uses a predictable session ID (“userid” cookie) derived from epoch time, enabling brute-forcing to hijack active sessions. Trustwave’s SpiderLabs adv...

CVE-2011-0885

The CVE-2011-0885 entry affects Comcast DOCSIS 3.0 Business Gateway (SMCD3G-CCR) prior to firmware 1.4.0.49.2. Trustwave’s TWSL2011-002 describes a default credential flaw: the admin login is “mso” with password “D0nt4g3tme,” enabling remote administrative access via web or TELNET. The advisory a...

CVE-2011-0886

The CVE-2011-0886 entry refers to CSRF flaws in the Comcast DOCSIS 3.0 Business Gateway (SMCD3G-CCR) web interface prior to firmware 1.4.0.49.2. Vulnerabilities include: (1) login CSRF that can hijack intranet connectivity, (2) CSRF allowing remote admin activation via goform/RemoteRange, and (3)...

TWSL2011-002:Vulnerabilities in Comcast DOCSIS 3.0 Business Gateways (SMCD3G-CCR)

Trustwave's SpiderLabs Security Advisory TWSL2011-002: Vulnerabilities in Comcast DOCSIS 3.0 Business Gateways SMCD3G-CCR https://www.trustwave.com/spiderlabs/advisories/TWSL2011-002.txt Published: 2011-02-04 Version: 1.0 Vendor: Comcast http://comcast.com and SMC http://www.smc.com Product:...

Comcast / SMC DOCSIS 3.0 Business Gateway - SMCD3G-CCR routers vulnerability

Crossite request forgery, default account...

Comcast DOCSIS 3.0 Business Gateways Multiple Vulnerabilities

Exploit for hardware platform in category remote exploits Published: 2011-02-04 Version: 1.0 Vendor: Comcast http://comcast.com and SMC http://www.smc.com Product: Comcast DOCSIS 3.0 Business Gateway - SMCD3G-CCR Version affected: Versions prior to 1.4.0.49.2 Product description: The Comcast DOCS...

Comcast DOCSIS 3.0 Business Gateways XSRF / Session Management

Trustwave's SpiderLabs Security Advisory TWSL2011-001: Vulnerabilities in Comcast DOCSIS 3.0 Business Gateways SMCD3G-CCR https://www.trustwave.com/spiderlabs/advisories/TWSL2011-002.txt Published: 2011-02-04 Version: 1.0 Vendor: Comcast http://comcast.com and SMC http://www.smc.com Product:...