CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2011-0887

MEDIUM
4.3
CVSS Severity Score
EPSS Score0.1610%
EPSS Percentile25.34th
Published2011年2月8日
Last Modified2026年4月29日

Vulnerability Description

The web management portal on the SMC SMCD3G-CCR (aka Comcast Business Gateway) with firmware before 1.4.0.49.2 uses predictable session IDs based on time values, which makes it easier for remote attackers to hijack sessions via a brute-force attack on the userid cookie.

Affected Platforms (CPE)

🔌
Smc Networks

Smcd3g Ccr

All versions
📦
Smc Networks

Smcd3g Ccr Firmware

= 1.4.0.42

References & Advisories

🔗 http://seclists.org/bugtraq/2011/Feb/36
🔗 http://secunia.com/advisories/43199
🔗 http://securityreason.com/securityalert/8068
🔗 http://www.exploit-db.com/exploits/16123/
🔗 http://www.securityfocus.com/archive/1/516205/100/0/threaded
🔗 http://www.securityfocus.com/bid/46215
🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/65186
🔗 https://www.trustwave.com/spiderlabs/advisories/TWSL2011-002.txt

相關漏洞威脅

CVE-2011-088510.0

A certain Comcast Business Gateway configuration of the SMC SMCD3G-CCR with firmware before 1.4.0.49.2 has a default password of D...

CVE-2011-08866.8

Multiple cross-site request forgery (CSRF) vulnerabilities in the web interface on the SMC SMCD3G-CCR (aka Comcast Business Gatewa...

CVE-2026-53430

Improper Handling of Highly Compressed Data (Data Amplification) vulnerability in elixir-grpc grpc (GRPC.Compressor.Gzip, GRPC.Mes...

CVE-2026-48854

Allocation of Resources Without Limits or Throttling vulnerability in elixir-grpc grpc allows unauthenticated attackers to exhaust...