CVE-2011-0886

2011-02-0822:00:02

CWE-352

[email protected]

web.nvd.nist.gov

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7.3

Confidence

Low

EPSS

0.016

Percentile

87.8%

JSON

Multiple cross-site request forgery (CSRF) vulnerabilities in the web interface on the SMC SMCD3G-CCR (aka Comcast Business Gateway) with firmware before 1.4.0.49.2 allow remote attackers to (1) hijack the intranet connectivity of arbitrary users for requests that perform a login via goform/login, or hijack the authentication of administrators for requests that (2) enable external logins via an mso_remote_enable action to goform/RemoteRange or (3) change DNS settings via a manual_dns_enable action to goform/Basic.

Affected configurations

Nvd

Node

smc_networkssmcd3g-ccr

AND

smc_networkssmcd3g-ccr_firmwareRange≤1.4.0.49

smc_networkssmcd3g-ccr_firmwareMatch1.4.0.42

VendorProductVersionCPE
smc_networkssmcd3g-ccr*cpe:2.3:h:smc_networks:smcd3g-ccr:*:*:*:*:*:*:*:*
smc_networkssmcd3g-ccr_firmware*cpe:2.3:a:smc_networks:smcd3g-ccr_firmware:*:*:*:*:*:*:*:*
smc_networkssmcd3g-ccr_firmware1.4.0.42cpe:2.3:a:smc_networks:smcd3g-ccr_firmware:1.4.0.42:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
smc_networks	smcd3g-ccr	*	cpe:2.3:h:smc_networks:smcd3g-ccr::::::::
smc_networks	smcd3g-ccr_firmware	*	cpe:2.3:a:smc_networks:smcd3g-ccr_firmware::::::::
smc_networks	smcd3g-ccr_firmware	1.4.0.42	cpe:2.3:a:smc_networks:smcd3g-ccr_firmware:1.4.0.42:::::::*