Vulnerability Title
N/A
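Vulnerability Description
Multiple cross-site request forgery (CSRF) vulnerabilities exist in the web interface of the SMC SMCD3G-CCR (aka Comcast Business Gateway) with firmware before 1.4.0.49.2. They allow remote attackers to (1) hijack the intranet connectivity of arbitrary users for requests that perform a login via goform/login, or hijack the authentication of administrators for requests that (2) enable external logins via an mso_remote_enable action to goform/RemoteRange or (3) change DNS settings via a manual_dns_enable action to goform/Basic.
CVSS Information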
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Vulnerability Category
N/A
Vulnerability Title
N/A
Vulnerability Description
Multiple cross-site request forgery (CSRF) vulnerabilities in the web interface on the SMC SMCD3G-CCR (aka Comcast Business Gateway) with firmware before 1.4.0.49.2 allow remote attackers to (1) hijack the intranet connectivity of arbitrary users for requests that perform a login via goform/login, or hijack the authentication of administrators for requests that (2) enable external logins via an mso_remote_enable action to goform/RemoteRange or (3) change DNS settings via a manual_dns_enable action to goform/Basic.
CVSS Information
N/A
Vulnerability Category
N/A
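Vulnerability Title
Smc_Networks SMC SMCD3G-CCR Web Interface Multiple Cross-Site Request Forgery Vulnerabilities
Vulnerability Description
Multiple cross-site request forgery vulnerabilities exist in the web interface of the SMC SMCD3G-CCR (aka Comcast Business Gateway) with firmware before version 1.4.0.49.2. A remote attacker can (1) hijack the intranet connectivity of arbitrary users performing a login via goform/login, (2) hijack the authentication of administrators to enable external logins via an mso_remote_enable action to goform/RemoteRange, or (3) change DNS settings via a manual_dns_enable action to goform/Basic.
CVSS Information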
N/A
Vulnerability Category
Cross-Site Request Forgery