Информационная безопасность
[RU] switch to English


Уязвимости в марзрутизаторах Comcast / SMC DOCSIS 3.0 Business Gateway - SMCD3G-CCR
Опубликовано:8 февраля 2011 г.
Источник:
SecurityVulns ID:11407
Тип:удаленная
Уровень опасности:
5/10
Описание:Межсайтовая подмена запросов, учетная запись по-умолчанию.
Затронутые продукты:SMC : SMCD3G-CCR
CVE:CVE-2011-0886 (Multiple cross-site request forgery (CSRF) vulnerabilities in the web interface on the SMC SMCD3G-CCR (aka Comcast Business Gateway) with firmware before 1.4.0.49.2 allow remote attackers to (1) hijack the intranet connectivity of arbitrary users for requests that perform a login via goform/login, or hijack the authentication of administrators for requests that (2) enable external logins via an mso_remote_enable action to goform/RemoteRange or (3) change DNS settings via a manual_dns_enable action to goform/Basic.)
 CVE-2011-0885 (A certain Comcast Business Gateway configuration of the SMC SMCD3G-CCR with firmware before 1.4.0.49.2 has a default password of D0nt4g3tme for the mso account, which makes it easier for remote attackers to obtain administrative access via the (1) web interface or (2) TELNET interface.)
Оригинальный текстdocumentTrustwave Advisories, TWSL2011-002:Vulnerabilities in Comcast DOCSIS 3.0 Business Gateways (SMCD3G-CCR) (08.02.2011)

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород