76 matches found
Sercomm VD625 Smart Modems - CRLF Injection
Sercomm AGCOMBO VD625 Smart Modems with firmware version AGSOT2.1.0 are vulnerable to Carriage Return Line Feed CRLF injection via the Content-Disposition header. id: CVE-2021-27132 info: name: Sercomm VD625 Smart Modems - CRLF Injection author: geeknik severity: critical description: Sercomm...
CVE-2025-67113
OS command injection in the CWMP client /ftl/bin/cwmp of Small Cell Sercomm SCE4255W FreedomFi Englewood firmware before DG3934v3@2308041842 allows remote attackers controlling the ACS endpoint to execute arbitrary commands as root via a crafted TR-069 Download URL that is passed unescaped into t...
CVE-2025-67115
A path traversal vulnerability in /ftl/web/setup.cgi in Small Cell Sercomm SCE4255W FreedomFi Englewood firmware before DG3934v3@2308041842 allows remote authenticated users to read arbitrary files from the filesystem via crafted values in the logtype parameter to /logsave.htm...
CVE-2025-67112
Use of a hard-coded AES-256-CBC key in the configuration backup/restore implementation of Small Cell Sercomm SCE4255W FreedomFi Englewood firmware before DG3934v3@2308041842 allows remote authenticated users to decrypt, modify, and re-encrypt device configurations, enabling credential manipulatio...
EUVD-2025-208881
Use of a hard-coded AES-256-CBC key in the configuration backup/restore implementation of Small Cell Sercomm SCE4255W FreedomFi Englewood firmware before DG3934v3@2308041842 allows remote authenticated users to decrypt, modify, and re-encrypt device configurations, enabling credential manipulatio...
EUVD-2025-208883
OS command injection in the CWMP client /ftl/bin/cwmp of Small Cell Sercomm SCE4255W FreedomFi Englewood firmware before DG3934v3@2308041842 allows remote attackers controlling the ACS endpoint to execute arbitrary commands as root via a crafted TR-069 Download URL that is passed unescaped into t...
EUVD-2025-208885
Use of a deterministic credential generation algorithm in /ftl/bin/calcf2 in Small Cell Sercomm SCE4255W FreedomFi Englewood firmware before DG3934v3@2308041842 allows remote attackers to derive valid administrative/root credentials from the device's MAC address, enabling authentication bypass an...
EUVD-2025-208887
A path traversal vulnerability in /ftl/web/setup.cgi in Small Cell Sercomm SCE4255W FreedomFi Englewood firmware before DG3934v3@2308041842 allows remote authenticated users to read arbitrary files from the filesystem via crafted values in the logtype parameter to /logsave.htm...
CVE-2025-67112
Use of a hard-coded AES-256-CBC key in the configuration backup/restore implementation of Small Cell Sercomm SCE4255W FreedomFi Englewood firmware before DG3934v3@2308041842 allows remote authenticated users to decrypt, modify, and re-encrypt device configurations, enabling credential manipulatio...
CVE-2025-67115
A path traversal vulnerability in /ftl/web/setup.cgi in Small Cell Sercomm SCE4255W FreedomFi Englewood firmware before DG3934v3@2308041842 allows remote authenticated users to read arbitrary files from the filesystem via crafted values in the logtype parameter to /logsave.htm...
CVE-2025-67113
OS command injection in the CWMP client /ftl/bin/cwmp of Small Cell Sercomm SCE4255W FreedomFi Englewood firmware before DG3934v3@2308041842 allows remote attackers controlling the ACS endpoint to execute arbitrary commands as root via a crafted TR-069 Download URL that is passed unescaped into t...
CVE-2025-67113
OS command injection in the CWMP client /ftl/bin/cwmp of Small Cell Sercomm SCE4255W FreedomFi Englewood firmware before DG3934v3@2308041842 allows remote attackers controlling the ACS endpoint to execute arbitrary commands as root via a crafted TR-069 Download URL that is passed unescaped into t...
Sercomm SCE4255W 安全漏洞
Sercomm SCE4255W is a broadband gateway device produced by Sercomm in Taiwan, China. Previous versions of Sercomm SCE4255W, including DG3934v3@2308041842, contained security vulnerabilities. These vulnerabilities stemmed from OS command injection in the CWMP client, which could allow remote...
CVE-2025-67114
Use of a deterministic credential generation algorithm in /ftl/bin/calcf2 in Small Cell Sercomm SCE4255W FreedomFi Englewood firmware before DG3934v3@2308041842 allows remote attackers to derive valid administrative/root credentials from the device's MAC address, enabling authentication bypass an...
CVE-2025-67113
OS command injection in the CWMP client /ftl/bin/cwmp of Small Cell Sercomm SCE4255W FreedomFi Englewood firmware before DG3934v3@2308041842 allows remote attackers controlling the ACS endpoint to execute arbitrary commands as root via a crafted TR-069 Download URL that is passed unescaped into t...
Sercomm SCE4255W 安全漏洞
Sercomm SCE4255W is a broadband gateway device produced by Sercomm in Taiwan, China. Previous versions of Sercomm SCE4255W DG3934v3@2308041842 contained security vulnerabilities. These vulnerabilities stemmed from the use of hard-coded AES-256-CBC keys in the configuration backup/restore mechanis...
CVE-2025-67113
CVE-2025-67113 describes an OS command injection in the CWMP client (/ftl/bin/cwmp) of the Small Cell Sercomm SCE4255W (FreedomFi Englewood) firmware prior to DG3934v3@2308041842. The root cause is unescaped TR-069 Download URL input being passed into the firmware upgrade pipeline, allowing remot...
CVE-2025-67114
The CVE-2025-67114 affects the Small Cell Sercomm SCE4255W (FreedomFi Englewood) firmware, where a deterministic credential generation in /ftl/bin/calc_f2 allows remote attackers to derive valid admin/root credentials from the MAC address, enabling authentication bypass and full device access. Mi...
PT-2026-26319
Use of a deterministic credential generation algorithm in /ftl/bin/calc f2 in Small Cell Sercomm SCE4255W FreedomFi Englewood firmware before DG3934v3@2308041842 allows remote attackers to derive valid administrative/root credentials from the device's MAC address, enabling authentication bypass a...
CVE-2025-67114
Use of a deterministic credential generation algorithm in /ftl/bin/calcf2 in Small Cell Sercomm SCE4255W FreedomFi Englewood firmware before DG3934v3@2308041842 allows remote attackers to derive valid administrative/root credentials from the device's MAC address, enabling authentication bypass an...