CVE-2011-0885

SMC SMCD3G-CCR < 1.4.0.49 - Unauthenticated Administrative Access via Default Credentials

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2011-0885. PoCs published by Trustwave's SpiderLabs.

AI-analyzed exploit summary The exploit demonstrates a CSRF vulnerability in Comcast DOCSIS 3.0 Business Gateways (D3G-CCR) by embedding malicious requests in HTML forms to enable remote administration and modify DNS settings. It includes functional PoC code that automates login and configuration changes via hidden form submissions.

Description

A certain Comcast Business Gateway configuration of the SMC SMCD3G-CCR with firmware before 1.4.0.49.2 has a default password of D0nt4g3tme for the mso account, which makes it easier for remote attackers to obtain administrative access via the (1) web interface or (2) TELNET interface.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Trustwave's SpiderLabs · textremotehardware

https://www.exploit-db.com/exploits/16123

View Code ZIP pw:eip

The exploit demonstrates a CSRF vulnerability in Comcast DOCSIS 3.0 Business Gateways (D3G-CCR) by embedding malicious requests in HTML forms to enable remote administration and modify DNS settings. It includes functional PoC code that automates login and configuration changes via hidden form submissions.

Classification

Working Poc 100%

Attack Type

Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: Comcast DOCSIS 3.0 Business Gateway - D3G-CCR (versions prior to 1.4.0.49.2)

No auth needed

Prerequisites: Victim must be logged into the gateway's management interface · Attacker must lure victim to a malicious webpage

MITRE ATT&CK