Vulnerability CVE-2011-0885


Published: 2011-02-08   Modified: 2012-02-13

Description:
A certain Comcast Business Gateway configuration of the SMC SMCD3G-CCR with firmware before 1.4.0.49.2 has a default password of D0nt4g3tme for the mso account, which makes it easier for remote attackers to obtain administrative access via the (1) web interface or (2) TELNET interface.

See advisories in our WLB2 database:
Topic
Author
Date
High
Comcast DOCSIS 3.0 Business Gateways Multiple Vulnerabilities
Trustwave\'...
10.02.2011

Type:

CWE-255

(Credentials Management)

CVSS2 => (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
10/10
10/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete
Affected software
Smc networks -> Smcd3g-ccr firmware 
Smc networks -> Smcd3g-ccr 

 References:
http://seclists.org/bugtraq/2011/Feb/36
http://securityreason.com/securityalert/8066
http://www.exploit-db.com/exploits/16123/
http://www.securityfocus.com/archive/1/516205/100/0/threaded
http://www.securityfocus.com/bid/46215
https://exchange.xforce.ibmcloud.com/vulnerabilities/65184
https://www.trustwave.com/spiderlabs/advisories/TWSL2011-002.txt

Copyright 2021, cxsecurity.com

 

Back to Top