The web management portal on the SMC SMCD3G-CCR (aka Comcast Business Gateway) with firmware prior to 1.4.0.49.2 uses predictable session IDs based on time values, which makes it easier for remote malicious users to hijack sessions via a brute-force attack on the userid cookie.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
smc_networks smcd3g-ccr |
||
smc_networks smcd3g-ccr_firmware 1.4.0.42 |