Vulnerability Details : CVE-2011-0885
A certain Comcast Business Gateway configuration of the SMC SMCD3G-CCR with firmware before 1.4.0.49.2 has a default password of D0nt4g3tme for the mso account, which makes it easier for remote attackers to obtain administrative access via the (1) web interface or (2) TELNET interface.
Products affected by CVE-2011-0885
- cpe:2.3:h:smc_networks:smcd3g-ccr:*:*:*:*:*:*:*:*
- cpe:2.3:a:smc_networks:smcd3g-ccr_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:a:smc_networks:smcd3g-ccr_firmware:1.4.0.42:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2011-0885
1.94%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 89 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2011-0885
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
10.0
|
HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C |
10.0
|
10.0
|
NIST |
CWE ids for CVE-2011-0885
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2011-0885
-
http://www.securityfocus.com/bid/46215
Comcast DOCSIS 3.0 Business Gateways Cross Site Request Forgery and Security Bypass Vulnerabilities
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/65184
Multiple SMCD3G-CCR gateways default password CVE-2011-0885 Vulnerability Report
-
https://www.trustwave.com/spiderlabs/advisories/TWSL2011-002.txt
404 Not Found | Trustwave
-
http://seclists.org/bugtraq/2011/Feb/36
Bugtraq: TWSL2011-002:Vulnerabilities in Comcast DOCSIS 3.0 Business Gateways (SMCD3G-CCR)
-
http://www.securityfocus.com/archive/1/516205/100/0/threaded
SecurityFocus
-
http://www.exploit-db.com/exploits/16123/
Comcast DOCSIS 3.0 Business Gateways - Multiple Vulnerabilities - Hardware remote ExploitExploit
-
http://securityreason.com/securityalert/8066
Comcast DOCSIS 3.0 Business Gateways Multiple Vulnerabilities - CXSecurity.com
Jump to