CVE-2011-0887
08.02.2011, 22:00
The web management portal on the SMC SMCD3G-CCR (aka Comcast Business Gateway) with firmware before 1.4.0.49.2 uses predictable session IDs based on time values, which makes it easier for remote attackers to hijack sessions via a brute-force attack on the userid cookie.Enginsight
Vendor | Product | Version |
---|---|---|
smc_networks | smcd3g-ccr | * |
smc_networks | smcd3g-ccr_firmware | 1.4.0.42 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References