Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

76 matches found

Nuclei
Nucleiadded yesterday78 views

Sercomm VD625 Smart Modems - CRLF Injection

Sercomm AGCOMBO VD625 Smart Modems with firmware version AGSOT2.1.0 are vulnerable to Carriage Return Line Feed CRLF injection via the Content-Disposition header. id: CVE-2021-27132 info: name: Sercomm VD625 Smart Modems - CRLF Injection author: geeknik severity: critical description: Sercomm...

9.8CVSS7.3AI score0.16687EPSS
Exploits1References5
RedhatCVE
RedhatCVEadded 2026/03/26 3:19 p.m.7 views

CVE-2025-67113

OS command injection in the CWMP client /ftl/bin/cwmp of Small Cell Sercomm SCE4255W FreedomFi Englewood firmware before DG3934v3@2308041842 allows remote attackers controlling the ACS endpoint to execute arbitrary commands as root via a crafted TR-069 Download URL that is passed unescaped into t...

9.8CVSS6.2AI score0.01222EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2026/03/26 3:19 p.m.3 views

CVE-2025-67115

A path traversal vulnerability in /ftl/web/setup.cgi in Small Cell Sercomm SCE4255W FreedomFi Englewood firmware before DG3934v3@2308041842 allows remote authenticated users to read arbitrary files from the filesystem via crafted values in the logtype parameter to /logsave.htm...

6.5CVSS6AI score0.00405EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2026/03/26 3:19 p.m.2 views

CVE-2025-67112

Use of a hard-coded AES-256-CBC key in the configuration backup/restore implementation of Small Cell Sercomm SCE4255W FreedomFi Englewood firmware before DG3934v3@2308041842 allows remote authenticated users to decrypt, modify, and re-encrypt device configurations, enabling credential manipulatio...

9.8CVSS5.8AI score0.00401EPSS
Exploits0References1
EUVD
EUVDadded 2026/03/19 6:31 p.m.2 views

EUVD-2025-208887

A path traversal vulnerability in /ftl/web/setup.cgi in Small Cell Sercomm SCE4255W FreedomFi Englewood firmware before DG3934v3@2308041842 allows remote authenticated users to read arbitrary files from the filesystem via crafted values in the logtype parameter to /logsave.htm...

6AI score0.00405EPSS
Exploits0References4
EUVD
EUVDadded 2026/03/19 6:31 p.m.3 views

EUVD-2025-208883

OS command injection in the CWMP client /ftl/bin/cwmp of Small Cell Sercomm SCE4255W FreedomFi Englewood firmware before DG3934v3@2308041842 allows remote attackers controlling the ACS endpoint to execute arbitrary commands as root via a crafted TR-069 Download URL that is passed unescaped into t...

6.2AI score0.01222EPSS
Exploits0References4
EUVD
EUVDadded 2026/03/19 6:31 p.m.5 views

EUVD-2025-208885

Use of a deterministic credential generation algorithm in /ftl/bin/calcf2 in Small Cell Sercomm SCE4255W FreedomFi Englewood firmware before DG3934v3@2308041842 allows remote attackers to derive valid administrative/root credentials from the device's MAC address, enabling authentication bypass an...

5.9AI score0.00517EPSS
Exploits0References4
EUVD
EUVDadded 2026/03/19 6:31 p.m.2 views

EUVD-2025-208881

Use of a hard-coded AES-256-CBC key in the configuration backup/restore implementation of Small Cell Sercomm SCE4255W FreedomFi Englewood firmware before DG3934v3@2308041842 allows remote authenticated users to decrypt, modify, and re-encrypt device configurations, enabling credential manipulatio...

5.8AI score0.00401EPSS
Exploits0References4
NVD
NVDadded 2026/03/19 6:16 p.m.7 views

CVE-2025-67112

Use of a hard-coded AES-256-CBC key in the configuration backup/restore implementation of Small Cell Sercomm SCE4255W FreedomFi Englewood firmware before DG3934v3@2308041842 allows remote authenticated users to decrypt, modify, and re-encrypt device configurations, enabling credential manipulatio...

9.8CVSS0.00401EPSS
Exploits0References3
NVD
NVDadded 2026/03/19 6:16 p.m.9 views

CVE-2025-67115

A path traversal vulnerability in /ftl/web/setup.cgi in Small Cell Sercomm SCE4255W FreedomFi Englewood firmware before DG3934v3@2308041842 allows remote authenticated users to read arbitrary files from the filesystem via crafted values in the logtype parameter to /logsave.htm...

6.5CVSS0.00405EPSS
Exploits0References3
NVD
NVDadded 2026/03/19 6:16 p.m.4 views

CVE-2025-67113

OS command injection in the CWMP client /ftl/bin/cwmp of Small Cell Sercomm SCE4255W FreedomFi Englewood firmware before DG3934v3@2308041842 allows remote attackers controlling the ACS endpoint to execute arbitrary commands as root via a crafted TR-069 Download URL that is passed unescaped into t...

9.8CVSS0.01222EPSS
Exploits0References3
CVE
CVEadded 2026/03/19 12:0 a.m.6 views

CVE-2025-67115

The provided Connected documents confirm a concrete vulnerability: a path traversal in /ftl/web/setup.cgi on the Small Cell Sercomm SCE4255W (FreedomFi Englewood) firmware pre-DG3934v3@2308041842 can be exploited by remote authenticated users to read arbitrary files via crafted values in the log_...

6.5CVSS6AI score0.00405EPSS
Exploits0References3
CVE
CVEadded 2026/03/19 12:0 a.m.8 views

CVE-2025-67113

CVE-2025-67113 describes an OS command injection in the CWMP client (/ftl/bin/cwmp) of the Small Cell Sercomm SCE4255W (FreedomFi Englewood) firmware prior to DG3934v3@2308041842. The root cause is unescaped TR-069 Download URL input being passed into the firmware upgrade pipeline, allowing remot...

9.8CVSS6.2AI score0.01222EPSS
Exploits0References3
CVE
CVEadded 2026/03/19 12:0 a.m.8 views

CVE-2025-67112

The CVE-2025-67112 entry concerns the Small Cell Sercomm SCE4255W (FreedomFi Englewood) firmware prior to DG3934v3@2308041842, where a hard-coded AES-256-CBC key in the configuration backup/restore flow allows remote authenticated users to decrypt, modify, and re-encrypt device configurations. Th...

9.8CVSS5.8AI score0.00401EPSS
Exploits0References3
Cvelist
Cvelistadded 2026/03/19 12:0 a.m.18 views

CVE-2025-67114

Use of a deterministic credential generation algorithm in /ftl/bin/calcf2 in Small Cell Sercomm SCE4255W FreedomFi Englewood firmware before DG3934v3@2308041842 allows remote attackers to derive valid administrative/root credentials from the device's MAC address, enabling authentication bypass an...

0.00517EPSS
Exploits0References3
Positive Technologies
Positive Technologiesadded 2026/03/19 12:0 a.m.4 views

PT-2026-26319

Use of a deterministic credential generation algorithm in /ftl/bin/calc f2 in Small Cell Sercomm SCE4255W FreedomFi Englewood firmware before DG3934v3@2308041842 allows remote attackers to derive valid administrative/root credentials from the device's MAC address, enabling authentication bypass a...

5.9AI score0.00517EPSS
Exploits0References5
Positive Technologies
Positive Technologiesadded 2026/03/19 12:0 a.m.6 views

PT-2026-26318

OS command injection in the CWMP client /ftl/bin/cwmp of Small Cell Sercomm SCE4255W FreedomFi Englewood firmware before DG3934v3@2308041842 allows remote attackers controlling the ACS endpoint to execute arbitrary commands as root via a crafted TR-069 Download URL that is passed unescaped into t...

6.2AI score0.01222EPSS
Exploits0References6
Vulnrichment
Vulnrichmentadded 2026/03/19 12:0 a.m.3 views

CVE-2025-67114

Use of a deterministic credential generation algorithm in /ftl/bin/calcf2 in Small Cell Sercomm SCE4255W FreedomFi Englewood firmware before DG3934v3@2308041842 allows remote attackers to derive valid administrative/root credentials from the device's MAC address, enabling authentication bypass an...

5.9AI score0.00517EPSS
Exploits0References3
Cvelist
Cvelistadded 2026/03/19 12:0 a.m.19 views

CVE-2025-67113

OS command injection in the CWMP client /ftl/bin/cwmp of Small Cell Sercomm SCE4255W FreedomFi Englewood firmware before DG3934v3@2308041842 allows remote attackers controlling the ACS endpoint to execute arbitrary commands as root via a crafted TR-069 Download URL that is passed unescaped into t...

0.01222EPSS
Exploits0References3
Cvelist
Cvelistadded 2026/03/19 12:0 a.m.21 views

CVE-2025-67112

Use of a hard-coded AES-256-CBC key in the configuration backup/restore implementation of Small Cell Sercomm SCE4255W FreedomFi Englewood firmware before DG3934v3@2308041842 allows remote authenticated users to decrypt, modify, and re-encrypt device configurations, enabling credential manipulatio...

0.00401EPSS
Exploits0References3
Rows per page
Query Builder