Zack Fasel

**Name of the Vulnerable Software and Affected Versions** SMC SMCD3G-CCR versions prior to 1.4.0.49.2 **Description** The issue allows remote attackers to gain administrative access due to a default password for the `mso` account. This default password is 'D0nt4g3tme'. Attackers can exploit this via the web interface or TELNET interface. **Recommendations** For versions prior to 1.4.0.49.2, update the firmware to version 1.4.0.49.2 or later to change the default password for the `mso` account. As a temporary workaround, consider changing the default password for the `mso` account to a strong, unique password until the firmware can be updated.

**Name of the Vulnerable Software and Affected Versions** SMC SMCD3G-CCR (aka Comcast Business Gateway) versions prior to 1.4.0.49.2 **Description** The issue concerns multiple cross-site request forgery (CSRF) vulnerabilities in the web interface. These vulnerabilities allow remote attackers to hijack the intranet connectivity of arbitrary users for requests that perform a login via "goform/login". Additionally, attackers can hijack the authentication of administrators for requests that enable external logins via an "mso remote enable" action to "goform/RemoteRange" or change DNS settings via a "manual dns enable" action to "goform/Basic". **Recommendations** For versions prior to 1.4.0.49.2, update the firmware to version 1.4.0.49.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the web interface and avoiding the use of the vulnerable `goform/login`, `goform/RemoteRange`, and `goform/Basic` endpoints until the update is applied.

**Name of the Vulnerable Software and Affected Versions** SMC SMCD3G-CCR (aka Comcast Business Gateway) versions prior to 1.4.0.49.2 **Description** The issue concerns the web management portal of the affected device, which uses predictable session IDs based on time values. This predictability makes it easier for remote attackers to hijack sessions via a brute-force attack on the `userid` cookie. **Recommendations** For versions prior to 1.4.0.49.2, update the firmware to version 1.4.0.49.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the web management portal to minimize the risk of exploitation.