CyberSec.Space Logo
Back to CVE Browser

CVE-2011-0886

MEDIUM
6.8
CVSS Severity Score
EPSS Score0.1210%
EPSS Percentile30.33th
PublishedFeb 8, 2011
Last ModifiedApr 29, 2026

Vulnerability Description

Multiple cross-site request forgery (CSRF) vulnerabilities in the web interface on the SMC SMCD3G-CCR (aka Comcast Business Gateway) with firmware before 1.4.0.49.2 allow remote attackers to (1) hijack the intranet connectivity of arbitrary users for requests that perform a login via goform/login, or hijack the authentication of administrators for requests that (2) enable external logins via an mso_remote_enable action to goform/RemoteRange or (3) change DNS settings via a manual_dns_enable action to goform/Basic.

Affected Platforms (CPE)

πŸ”Œ
Smc Networks

Smcd3g Ccr

All versions
πŸ“¦
Smc Networks

Smcd3g Ccr Firmware

<= 1.4.0.49
πŸ“¦
Smc Networks

Smcd3g Ccr Firmware

= 1.4.0.42

References & Advisories

πŸ”— http://seclists.org/bugtraq/2011/Feb/36
πŸ”— http://secunia.com/advisories/43199
πŸ”— http://securityreason.com/securityalert/8068
πŸ”— http://www.exploit-db.com/exploits/16123/
πŸ”— http://www.securityfocus.com/archive/1/516205/100/0/threaded
πŸ”— http://www.securityfocus.com/bid/46215
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/65185
πŸ”— https://www.trustwave.com/spiderlabs/advisories/TWSL2011-002.txt

Related Vulnerabilities

CVE-2011-088510.0

A certain Comcast Business Gateway configuration of the SMC SMCD3G-CCR with firmware before 1.4.0.49.2 has a default password of D...

CVE-2011-08874.3

The web management portal on the SMC SMCD3G-CCR (aka Comcast Business Gateway) with firmware before 1.4.0.49.2 uses predictable se...

CVE-2026-53430

Improper Handling of Highly Compressed Data (Data Amplification) vulnerability in elixir-grpc grpc (GRPC.Compressor.Gzip, GRPC.Mes...

CVE-2026-48854

Allocation of Resources Without Limits or Throttling vulnerability in elixir-grpc grpc allows unauthenticated attackers to exhaust...