Comcast SMCD3G-CCR Gateway Default Credentials/CSRF/Session Management Vulnerability (CVE-2011-0885)

Critical Vulnerability Information 1. Vulnerability Details CVE ID: CVE-2011-0885, CWE-255 Risk Level: High CVSS Base Score: 10/10 Attack Complexity: Low Authentication Required: None Impact Scope: Integrity, Confidentiality, Availability 2. Affected Products Vendor: Comcast and SMC Product: Comcast DOCSIS 3.0 Business Gateway - SMCD3G-CCR Affected Versions: All versions prior to 1.4.0.49.2 3. Vulnerability Points Hardcoded Credentials: All SMCD3G-CCR gateways provide an admin login "mso" with password "D0nt4g3tme". These credentials are not disclosed during device installation and are not recommended to be changed, meaning most users are unaware of the default configuration. Exploiting these default credentials, internal attackers can modify device settings to enable more severe attacks, including DNS request redirection, remote VPN endpoint creation, and NAT entry modification. Cross-Site Request Forgery (CSRF): The SMCD3G-CCR gateway is vulnerable to CSRF attacks, allowing attackers to embed malicious requests within the gateway’s management interface, thereby altering device configurations and enabling remote management. Weak Session Management: The SMCD3G-CCR gateway uses predictable values to validate active web management portal sessions, providing a predictable session ID range that may be susceptible to brute-force attacks. 4. Vendor Response Fixed Version: 1.4.0.49.2 Vulnerability Disclosure Date: 2010-08-30 Patch Release Date: 2011-01-21 Advisory Published: 2011-02-04 5. Remediation Steps Users should check the "About" link in the management interface to determine the installed version. Versions 1.4.0.49.2 and later have resolved the issue.

Goal Reached Thanks to every supporter — we hit 100%!

Comcast SMCD3G-CCR Gateway Default Credentials/CSRF/Session Management Vulnerability (CVE-2011-0885)