CVE-2011-0886

SMC SMCD3G-CCR Firmware < 1.4.0.49 - Cross-Site Request Forgery via Web Interface

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2011-0886. PoCs published by Trustwave's SpiderLabs.

AI-analyzed exploit summary: The exploit demonstrates a CSRF vulnerability in Comcast DOCSIS 3.0 Business Gateways (D3G-CCR) by embedding malicious requests in HTML forms to enable remote administration and modify DNS settings. It includes functional PoC code that automates login and configuration changes via hidden form submissions.

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in the web interface on the SMC SMCD3G-CCR (aka Comcast Business Gateway) with firmware before 1.4.0.49.2 allow remote attackers to (1) hijack the intranet connectivity of arbitrary users for requests that perform a login via goform/login, or hijack the authentication of administrators for requests that (2) enable external logins via an mso_remote_enable action to goform/RemoteRange or (3) change DNS settings via a manual_dns_enable action to goform/Basic.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Trustwave's SpiderLabs · text · remote · hardware
https://www.exploit-db.com/exploits/16123

Classification: Working PoC 100%
Attack Type: Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: Comcast DOCSIS 3.0 Business Gateway - D3G-CCR (versions prior to 1.4.0.49.2)
No auth needed
Prerequisites: Victim must be logged into the gateway's management interface · Attacker must lure victim to a malicious webpage
devstral-2 · analyzed Feb 18, 2026

References (8)

Core References
Exploit mailing-list x_refsource_bugtraq
http://seclists.org/bugtraq/2011/Feb/36
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/65185
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/43199
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/8068
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/46215
Exploit exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/16123/
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/516205/100/0/threaded

Scores

EPSS 0.0261
EPSS Percentile 83.4%

Details

CWE
CWE-352
Status published
Products (3)
smc_networks/smcd3g-ccr
smc_networks/smcd3g-ccr_firmware 1.4.0.42
smc_networks/smcd3g-ccr_firmware < 1.4.0.49
Published Feb 08, 2011
Tracked Since Feb 18, 2026