MidnightBSD

Advisories for smc_networks

CVE-2003-0419 MEDIUM

SMC Networks Barricade Wireless Cable/DSL Broadband Router SMC7004VWBR allows remote attackers to cause a denial of service via certain packets to PPTP port 1723 on the internal interface.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
smc_networks barricade_wireless_cable_dsl_broadband_router smc7004vwbr
CVE-2004-1685 HIGH

SMC routers SMC7004VWBR running firmware 1.00.014 and SMC7008ABR EU running firmware 1.42.003 allow remote attackers to bypass authentication by connecting to it from the same IP address as the administrator who is logged in, then accessing the setup_status.htm or status.HTM pages.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
smc_networks smc7008abr 1.32
smc_networks smc7004vwbr 1.21a
smc_networks smc7004vwbr 1.22
smc_networks smc7004vwbr 1.23
CVE-2004-1976 HIGH

SMC Barricade broadband router 7008ABR and 7004VBR enable remote administration by default, which allows remote attackers to gain access by connecting to port 1900.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
smc_networks smc7004vbr 1.231
smc_networks smc7004vbr 1.032
CVE-2005-4820 MEDIUM

SMC Wireless Router model SMC7904WBRA allows remote attackers to cause a denial of service (reboot) by flooding the router with traffic.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
smc_networks smc7904wbra *
CVE-2011-0885 HIGH

A certain Comcast Business Gateway configuration of the SMC SMCD3G-CCR with firmware before 1.4.0.49.2 has a default password of D0nt4g3tme for the mso account, which makes it easier for remote attackers to obtain administrative access via the (1) web interface or (2) TELNET interface.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-255,

Products Affected

Vendor Product Version
smc_networks smcd3g-ccr_firmware *
smc_networks smcd3g-ccr_firmware 1.4.0.42
smc_networks smcd3g-ccr *
CVE-2011-0886 MEDIUM

Multiple cross-site request forgery (CSRF) vulnerabilities in the web interface on the SMC SMCD3G-CCR (aka Comcast Business Gateway) with firmware before 1.4.0.49.2 allow remote attackers to (1) hijack the intranet connectivity of arbitrary users for requests that perform a login via goform/login, or hijack the authentication of administrators for requests that (2) enable external logins via an mso_remote_enable action to goform/RemoteRange or (3) change DNS settings via a manual_dns_enable action to goform/Basic.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
smc_networks smcd3g-ccr_firmware *
smc_networks smcd3g-ccr_firmware 1.4.0.42
smc_networks smcd3g-ccr *
CVE-2011-0887 MEDIUM

The web management portal on the SMC SMCD3G-CCR (aka Comcast Business Gateway) with firmware before 1.4.0.49.2 uses predictable session IDs based on time values, which makes it easier for remote attackers to hijack sessions via a brute-force attack on the userid cookie.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-310,

Products Affected

Vendor Product Version
smc_networks smcd3g-ccr_firmware 1.4.0.42
smc_networks smcd3g-ccr *