CyberSec.Space Logo
Back to CVE Browser

CVE-2011-0887

MEDIUM
4.3
CVSS Severity Score
EPSS Score0.1610%
EPSS Percentile25.34th
PublishedFeb 8, 2011
Last ModifiedApr 29, 2026

Vulnerability Description

The web management portal on the SMC SMCD3G-CCR (aka Comcast Business Gateway) with firmware before 1.4.0.49.2 uses predictable session IDs based on time values, which makes it easier for remote attackers to hijack sessions via a brute-force attack on the userid cookie.

Affected Platforms (CPE)

πŸ”Œ
Smc Networks

Smcd3g Ccr

All versions
πŸ“¦
Smc Networks

Smcd3g Ccr Firmware

= 1.4.0.42

References & Advisories

πŸ”— http://seclists.org/bugtraq/2011/Feb/36
πŸ”— http://secunia.com/advisories/43199
πŸ”— http://securityreason.com/securityalert/8068
πŸ”— http://www.exploit-db.com/exploits/16123/
πŸ”— http://www.securityfocus.com/archive/1/516205/100/0/threaded
πŸ”— http://www.securityfocus.com/bid/46215
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/65186
πŸ”— https://www.trustwave.com/spiderlabs/advisories/TWSL2011-002.txt

Related Vulnerabilities

CVE-2011-088510.0

A certain Comcast Business Gateway configuration of the SMC SMCD3G-CCR with firmware before 1.4.0.49.2 has a default password of D...

CVE-2011-08866.8

Multiple cross-site request forgery (CSRF) vulnerabilities in the web interface on the SMC SMCD3G-CCR (aka Comcast Business Gatewa...

CVE-2026-53430

Improper Handling of Highly Compressed Data (Data Amplification) vulnerability in elixir-grpc grpc (GRPC.Compressor.Gzip, GRPC.Mes...

CVE-2026-48854

Allocation of Resources Without Limits or Throttling vulnerability in elixir-grpc grpc allows unauthenticated attackers to exhaust...