mirror of
https://github.com/0xMarcio/cve.git
synced 2026-02-13 03:02:49 +00:00
1.1 KiB
1.1 KiB
CVE-2011-0886
Description
Multiple cross-site request forgery (CSRF) vulnerabilities in the web interface on the SMC SMCD3G-CCR (aka Comcast Business Gateway) with firmware before 1.4.0.49.2 allow remote attackers to (1) hijack the intranet connectivity of arbitrary users for requests that perform a login via goform/login, or hijack the authentication of administrators for requests that (2) enable external logins via an mso_remote_enable action to goform/RemoteRange or (3) change DNS settings via a manual_dns_enable action to goform/Basic.
POC
Reference
- http://seclists.org/bugtraq/2011/Feb/36
- http://securityreason.com/securityalert/8068
- http://www.exploit-db.com/exploits/16123/
Github
No PoCs found on GitHub currently.