CVE-2011-0886
published 2011-02-08

Priority: P3, 34
CVSS 2.0: 6.8 (medium), AV:N/AC:M/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 2.61% (83.5th percentile)

Multiple cross-site request forgery (CSRF) vulnerabilities in the web interface on the SMC SMCD3G-CCR (aka Comcast Business Gateway) with firmware before 1.4.0.49.2 allow remote attackers to (1) hijack the intranet connectivity of arbitrary users for requests that perform a login via goform/login, or hijack the authentication of administrators for requests that (2) enable external logins via an mso_remote_enable action to goform/RemoteRange or (3) change DNS settings via a manual_dns_enable action to goform/Basic.

Affected

2 ranges

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| smc_networks | smcd3g-ccr_firmware | <= 1.4.0.49 | |
| smc_networks | smcd3g-ccr_firmware | | |