Vulnerabilities > CVE-2011-0885 - Credentials Management vulnerability in SMC Networks Smcd3G-Ccr and Smcd3G-Ccr Firmware
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
A certain Comcast Business Gateway configuration of the SMC SMCD3G-CCR with firmware before 1.4.0.49.2 has a default password of D0nt4g3tme for the mso account, which makes it easier for remote attackers to obtain administrative access via the (1) web interface or (2) TELNET interface.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Hardware | 1 | |
| Application | 2 |
Common Weakness Enumeration (CWE)
Exploit-Db
| description | Comcast DOCSIS 3.0 Business Gateways Multiple Vulnerabilities. CVE-2011-0885,CVE-2011-0886,CVE-2011-0887. Remote exploit for hardware platform |
| file | exploits/hardware/remote/16123.txt |
| id | EDB-ID:16123 |
| last seen | 2016-02-01 |
| modified | 2011-02-06 |
| platform | hardware |
| port | |
| published | 2011-02-06 |
| reporter | Trustwave's SpiderLabs |
| source | https://www.exploit-db.com/download/16123/ |
| title | Comcast DOCSIS 3.0 Business Gateways Multiple Vulnerabilities |
| type | remote |
Packetstorm
| data source | https://packetstormsecurity.com/files/download/98180/TWSL2011-002.txt |
| id | PACKETSTORM:98180 |
| last seen | 2016-12-05 |
| published | 2011-02-05 |
| reporter | Trustwave |
| source | https://packetstormsecurity.com/files/98180/Comcast-DOCSIS-3.0-Business-Gateways-XSRF-Session-Management.html |
| title | Comcast DOCSIS 3.0 Business Gateways XSRF / Session Management |
Seebug
| bulletinFamily | exploit |
| description | No description provided by source. |
| id | SSV:70676 |
| last seen | 2017-11-19 |
| modified | 2014-07-01 |
| published | 2014-07-01 |
| reporter | Root |
| source | https://www.seebug.org/vuldb/ssvid-70676 |
| title | Comcast DOCSIS 3.0 Business Gateways Multiple Vulnerabilities |
References
- http://seclists.org/bugtraq/2011/Feb/36
- http://secunia.com/advisories/43199
- http://securityreason.com/securityalert/8066
- http://www.exploit-db.com/exploits/16123/
- http://www.securityfocus.com/archive/1/516205/100/0/threaded
- http://www.securityfocus.com/bid/46215
- https://exchange.xforce.ibmcloud.com/vulnerabilities/65184
- https://www.trustwave.com/spiderlabs/advisories/TWSL2011-002.txt
- http://seclists.org/bugtraq/2011/Feb/36
- https://www.trustwave.com/spiderlabs/advisories/TWSL2011-002.txt
- https://exchange.xforce.ibmcloud.com/vulnerabilities/65184
- http://www.securityfocus.com/bid/46215
- http://www.securityfocus.com/archive/1/516205/100/0/threaded
- http://www.exploit-db.com/exploits/16123/
- http://securityreason.com/securityalert/8066
- http://secunia.com/advisories/43199