Lucene search
K

76 matches found

Cvelist
Cvelist
added 2024/11/12 12:0 a.m.18 views

CVE-2021-27702

Sercomm Router Etisalat Model S3- AC2100 is affected by Incorrect Access Control via the diagnostic utility in the router dashboard...

0.00304EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/11/12 12:0 a.m.5 views

Sercomm Router Etisalat Model S3-AC2100 安全漏洞

Sercomm Router Etisalat Model S3-AC2100 is a router from China Zhonglei Electronics Sercomm. A security vulnerability exists in the Sercomm Router Etisalat Model S3-AC2100 that stems from an access control error...

7.3CVSS6.8AI score0.00304EPSS
Exploits0References2
CVE
CVE
added 2024/11/12 12:0 a.m.45 views

CVE-2021-27703

CVE-2021-27703 affects Sercomm Model Etisalat Model S3-AC2100; the vulnerability is Cross Site Scripting (XSS) via the firmware update page. Documented impact is limited to XSS with no exploitation details provided; remediation cited across sources is to update to the latest firmware version. No ...

5.4CVSS6.2AI score0.00245EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/11/12 12:0 a.m.9 views

PT-2024-10909 · Sercomm · Sercomm

Name of the Vulnerable Software and Affected Versions: Sercomm Model Etisalat Model S3- AC2100 affected versions not specified Description: The issue is related to Cross Site Scripting XSS via the firmware update page. This high-severity vulnerability impacts specific versions of Sercomm products...

5.4CVSS6.4AI score0.00245EPSS
Exploits0References7
Packet Storm
Packet Storm
added 2024/09/01 12:0 a.m.176 views

SerComm Network Device Backdoor Detection

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'SerComm Network Device Backdoor Detection', 'Description' = %q This module can identify SerComm manufactured network devices which contain a...

10CVSS7.1AI score0.73825EPSS
Exploits3
Packet Storm
Packet Storm
added 2024/08/31 12:0 a.m.182 views

SerComm Device Configuration Dump

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'HTTP Web Management', 'user' = /httpusername=\S+/i, 'pass' = /httppassword=\S+/i , 'HTTP Web Management Login', 'user' = /loginusername=\S+/i,...

7.4AI score
Exploits0
NVD
NVD
added 2022/06/02 2:15 p.m.14 views

CVE-2021-44080

A Command Injection vulnerability in httpd web server setup.cgi in SerComm h500s, FW: lowi-h500s-v3.4.22 allows logged in administrators to arbitrary OS commands as root in the device via the connectiontype parameter of the statussupportdiagnostictracing.json endpoint...

9CVSS0.23666EPSS
Exploits1References2
OSV
OSV
added 2022/06/02 2:15 p.m.4 views

CVE-2021-44080

A Command Injection vulnerability in httpd web server setup.cgi in SerComm h500s, FW: lowi-h500s-v3.4.22 allows logged in administrators to arbitrary OS commands as root in the device via the connectiontype parameter of the statussupportdiagnostictracing.json endpoint...

7.2CVSS5.9AI score0.23666EPSS
Exploits1References2
Prion
Prion
added 2022/06/02 2:15 p.m.17 views

Command injection

A Command Injection vulnerability in httpd web server setup.cgi in SerComm h500s, FW: lowi-h500s-v3.4.22 allows logged in administrators to arbitrary OS commands as root in the device via the connectiontype parameter of the statussupportdiagnostictracing.json endpoint...

9CVSS7.3AI score0.23666EPSS
Exploits1References2Affected Software1
CNNVD
CNNVD
added 2022/06/02 12:0 a.m.6 views

SerComm h500s 操作系统命令注入漏洞

The SerComm h500s is a router device from SerComm China. A security vulnerability exists in the SerComm h500s lowi-h500s-v3.4.22 version, which stems from a command injection issue in the httpd web server setup.cgi. The vulnerability can be exploited to execute arbitrary operating system commands...

9CVSS7.6AI score0.23666EPSS
Exploits1References3
Cvelist
Cvelist
added 2022/06/01 12:45 a.m.19 views

CVE-2021-44080

A Command Injection vulnerability in httpd web server setup.cgi in SerComm h500s, FW: lowi-h500s-v3.4.22 allows logged in administrators to arbitrary OS commands as root in the device via the connectiontype parameter of the statussupportdiagnostictracing.json endpoint...

7.5AI score0.23666EPSS
Exploits1References2
CVE
CVE
added 2022/06/01 12:45 a.m.72 views

CVE-2021-44080

The CVE-2021-44080 entry affects SerComm h500s routers (FW lowi-h500s-v3.4.22). The vulnerability is a command-injection in the httpd web server’s setup.cgi, exploitable by a logged-in administrator via the connection_type parameter of the statussupport_diagnostic_tracing.json endpoint, enabling ...

9CVSS7.3AI score0.23666EPSS
Exploits1References2Affected Software1
0day.today
0day.today
added 2022/01/06 12:0 a.m.317 views

Vodafone H-500-s 3.5.10 - WiFi Password Disclosure Exploit

Exploit Title: Vodafone H-500-s 3.5.10 - WiFi Password Disclosure Exploit Author: Daniel Monzón stark0de Vendor Homepage: https://www.vodafone.es/ Software Link: N/A Version: Firmware version Vodafone-H-500-s-v3.5.10 Hardware model: Sercomm VFH500 The WiFi access point password gets disclosed jus...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2022/01/05 12:0 a.m.288 views

Vodafone H-500-s 3.5.10 WiFi Password Disclosure

Exploit Title: Vodafone H-500-s 3.5.10 - WiFi Password Disclosure Date: 01/01/2022 Exploit Author: Daniel Monzón stark0de Vendor Homepage: https://www.vodafone.es/ Software Link: N/A Version: Firmware version Vodafone-H-500-s-v3.5.10 Hardware model: Sercomm VFH500 The WiFi access point password...

7.4AI score
Exploits0
OSV
OSV
added 2021/02/27 6:15 a.m.6 views

CVE-2021-27132

SerComm AG Combo VD625 AGSOT2.1.0 devices allow CRLF injection for HTTP header injection in the download function via the Content-Disposition header...

9.8CVSS7.3AI score0.16062EPSS
Exploits1References2
NVD
NVD
added 2021/02/27 6:15 a.m.25 views

CVE-2021-27132

SerComm AG Combo VD625 AGSOT2.1.0 devices allow CRLF injection for HTTP header injection in the download function via the Content-Disposition header...

9.8CVSS0.16062EPSS
Exploits1References1
Prion
Prion
added 2021/02/27 6:15 a.m.21 views

Crlf injection

SerComm AG Combo VD625 AGSOT2.1.0 devices allow CRLF injection for HTTP header injection in the download function via the Content-Disposition header...

7.5CVSS9.6AI score0.16062EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2021/02/27 5:1 a.m.31 views

CVE-2021-27132

SerComm AG Combo VD625 AGSOT2.1.0 devices allow CRLF injection for HTTP header injection in the download function via the Content-Disposition header...

9.9AI score0.16062EPSS
Exploits1References1
CVE
CVE
added 2021/02/27 5:1 a.m.164 views

CVE-2021-27132

The CVE-2021-27132 issue affects Sercomm VD625 Smart Modems (firmware AGSOT_2.1.0). The vulnerability is a CRLF injection in the Content-Disposition header during the download function, enabling header manipulation that could enable session hijacking, cross-site scripting, or cache poisoning as d...

9.8CVSS9.6AI score0.16062EPSS
Exploits1References1Affected Software1
CNNVD
CNNVD
added 2021/02/27 12:0 a.m.7 views

Sercomm AG Combo VD625 AGSOT Injection Vulnerability

Sercomm AG Combo VD625 AGSOT is an application from Sercomm China. provides a comprehensive telecom broadband solution. An injection vulnerability exists in SerComm AG Combo VD625 AGSOT2.1.0 that allows CRLF injection...

9.8CVSS7.3AI score0.16062EPSS
Exploits1References3
Rows per page
Query Builder