CVE-2011-0887

SMC SMCD3G-CCR - Session Hijacking via Predictable Session ID


Exploitation Summary

EIP tracks 1 public exploit for CVE-2011-0887. PoCs published by Trustwave's SpiderLabs.

AI-analyzed exploit summary: The exploit demonstrates a CSRF vulnerability in Comcast DOCSIS 3.0 Business Gateways (D3G-CCR) by embedding malicious requests in HTML forms to enable remote administration and modify DNS settings. It includes functional PoC code that automates login and configuration changes via hidden form submissions.

Description

The web management portal on the SMC SMCD3G-CCR (aka Comcast Business Gateway) with firmware before 1.4.0.49.2 uses predictable session IDs based on time values, which makes it easier for remote attackers to hijack sessions via a brute-force attack on the userid cookie.

Exploits (1)

exploitdb · WORKING POC · VERIFIED
by Trustwave's SpiderLabs · text · remote · hardware
https://www.exploit-db.com/exploits/16123

Classification: Working Poc 100%
Attack Type: Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: Comcast DOCSIS 3.0 Business Gateway - D3G-CCR (versions prior to 1.4.0.49.2)
No auth needed
Prerequisites: Victim must be logged into the gateway's management interface · Attacker must lure victim to a malicious webpage
devstral-2 · analyzed Feb 18, 2026

References (8)

Core References
Exploit mailing-list x_refsource_bugtraq
http://seclists.org/bugtraq/2011/Feb/36
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/65186
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/43199
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/8068
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/46215
Exploit exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/16123/
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/516205/100/0/threaded

Scores

EPSS 0.0467
EPSS Percentile 90.6%

Details

CWE: CWE-310
Status: published
Products (2)
smc_networks/smcd3g-ccr
smc_networks/smcd3g-ccr_firmware 1.4.0.42
Published Feb 08, 2011
Tracked Since Feb 18, 2026