CyberSec.Space Logo
返回 CVE 浏览器

CVE-2011-0886

MEDIUM
6.8
CVSS Severity Score
EPSS Score0.1210%
EPSS Percentile30.33th
Published2011年2月8日
Last Modified2026年4月29日

Vulnerability Description

Multiple cross-site request forgery (CSRF) vulnerabilities in the web interface on the SMC SMCD3G-CCR (aka Comcast Business Gateway) with firmware before 1.4.0.49.2 allow remote attackers to (1) hijack the intranet connectivity of arbitrary users for requests that perform a login via goform/login, or hijack the authentication of administrators for requests that (2) enable external logins via an mso_remote_enable action to goform/RemoteRange or (3) change DNS settings via a manual_dns_enable action to goform/Basic.

Affected Platforms (CPE)

🔌
Smc Networks

Smcd3g Ccr

All versions
📦
Smc Networks

Smcd3g Ccr Firmware

<= 1.4.0.49
📦
Smc Networks

Smcd3g Ccr Firmware

= 1.4.0.42

References & Advisories

🔗 http://seclists.org/bugtraq/2011/Feb/36
🔗 http://secunia.com/advisories/43199
🔗 http://securityreason.com/securityalert/8068
🔗 http://www.exploit-db.com/exploits/16123/
🔗 http://www.securityfocus.com/archive/1/516205/100/0/threaded
🔗 http://www.securityfocus.com/bid/46215
🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/65185
🔗 https://www.trustwave.com/spiderlabs/advisories/TWSL2011-002.txt

相关漏洞威胁

CVE-2011-088510.0

A certain Comcast Business Gateway configuration of the SMC SMCD3G-CCR with firmware before 1.4.0.49.2 has a default password of D...

CVE-2011-08874.3

The web management portal on the SMC SMCD3G-CCR (aka Comcast Business Gateway) with firmware before 1.4.0.49.2 uses predictable se...

CVE-2026-53430

Improper Handling of Highly Compressed Data (Data Amplification) vulnerability in elixir-grpc grpc (GRPC.Compressor.Gzip, GRPC.Mes...

CVE-2026-48854

Allocation of Resources Without Limits or Throttling vulnerability in elixir-grpc grpc allows unauthenticated attackers to exhaust...