CVE-2011-0887

Name of the Vulnerable Software and Affected Versions SMC SMCD3G-CCR (aka Comcast Business Gateway) versions prior to 1.4.0.49.2

Description The issue concerns the web management portal of the affected device, which uses predictable session IDs based on time values. This predictability makes it easier for remote attackers to hijack sessions via a brute-force attack on the userid cookie.

Recommendations For versions prior to 1.4.0.49.2, update the firmware to version 1.4.0.49.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the web management portal to minimize the risk of exploitation.