Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveMitreCVE-2011-0887
HistoryFeb 08, 2011 - 10:00 p.m.

CVE-2011-0887

2011-02-0822:00:02
CWE-310
mitre
web.nvd.nist.gov
28
cve-2011-0887
smc
smcd3g-ccr
comcast business gateway
session hijacking
predictable session ids
firmware vulnerability

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

6.7

Confidence

Low

EPSS

0.013

Percentile

86.1%

JSON

The web management portal on the SMC SMCD3G-CCR (aka Comcast Business Gateway) with firmware before 1.4.0.49.2 uses predictable session IDs based on time values, which makes it easier for remote attackers to hijack sessions via a brute-force attack on the userid cookie.

Affected configurations

Nvd
Node
smc_networkssmcd3g-ccr
AND
smc_networkssmcd3g-ccr_firmwareMatch1.4.0.42
VendorProductVersionCPE
smc_networkssmcd3g-ccr*cpe:2.3:h:smc_networks:smcd3g-ccr:*:*:*:*:*:*:*:*
smc_networkssmcd3g-ccr_firmware1.4.0.42cpe:2.3:a:smc_networks:smcd3g-ccr_firmware:1.4.0.42:*:*:*:*:*:*:*

Related

cvelist 1
prion 1
nvd 1
packetstorm 1
exploitdb 1
zdt 1
seebug 1
securityvulns 1
exploitpack 1
cvelist
cvelist
CVE-2011-0887
2011-02-08 21:00:00
prion
prion
Design/Logic Flaw
2011-02-08 22:00:00
nvd
nvd
CVE-2011-0887
2011-02-08 22:00:02
packetstorm
packetstorm
Comcast DOCSIS 3.0 Business Gateways XSRF / Session Management
2011-02-05 00:00:00
exploitdb
exploitdb
Comcast DOCSIS 3.0 Business Gateways - Multiple Vulnerabilities
2011-02-06 00:00:00
zdt
zdt
Comcast DOCSIS 3.0 Business Gateways Multiple Vulnerabilities
2011-02-06 00:00:00
seebug
seebug
Comcast DOCSIS 3.0 Business Gateways Multiple Vulnerabilities
2014-07-01 00:00:00
securityvulns
securityvulns
TWSL2011-002:Vulnerabilities in Comcast DOCSIS 3.0 Business Gateways (SMCD3G-CCR)
2011-02-08 00:00:00
exploitpack
exploitpack
Comcast DOCSIS 3.0 Business Gateways - Multiple Vulnerabilities
2011-02-06 00:00:00

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

6.7

Confidence

Low

EPSS

0.013

Percentile

86.1%

JSON
Related for CVE-2011-0887
cvelist1prion1nvd1packetstorm1exploitdb1zdt1seebug1securityvulns1exploitpack1