76 matches found
CVE-2021-27702
Sercomm Router Etisalat Model S3- AC2100 is affected by Incorrect Access Control via the diagnostic utility in the router dashboard...
Sercomm Router Etisalat Model S3-AC2100 安全漏洞
Sercomm Router Etisalat Model S3-AC2100 is a router from China Zhonglei Electronics Sercomm. A security vulnerability exists in the Sercomm Router Etisalat Model S3-AC2100 that stems from an access control error...
CVE-2021-27703
CVE-2021-27703 affects Sercomm Model Etisalat Model S3-AC2100; the vulnerability is Cross Site Scripting (XSS) via the firmware update page. Documented impact is limited to XSS with no exploitation details provided; remediation cited across sources is to update to the latest firmware version. No ...
PT-2024-10909 · Sercomm · Sercomm
Name of the Vulnerable Software and Affected Versions: Sercomm Model Etisalat Model S3- AC2100 affected versions not specified Description: The issue is related to Cross Site Scripting XSS via the firmware update page. This high-severity vulnerability impacts specific versions of Sercomm products...
SerComm Network Device Backdoor Detection
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'SerComm Network Device Backdoor Detection', 'Description' = %q This module can identify SerComm manufactured network devices which contain a...
SerComm Device Configuration Dump
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'HTTP Web Management', 'user' = /httpusername=\S+/i, 'pass' = /httppassword=\S+/i , 'HTTP Web Management Login', 'user' = /loginusername=\S+/i,...
CVE-2021-44080
A Command Injection vulnerability in httpd web server setup.cgi in SerComm h500s, FW: lowi-h500s-v3.4.22 allows logged in administrators to arbitrary OS commands as root in the device via the connectiontype parameter of the statussupportdiagnostictracing.json endpoint...
CVE-2021-44080
A Command Injection vulnerability in httpd web server setup.cgi in SerComm h500s, FW: lowi-h500s-v3.4.22 allows logged in administrators to arbitrary OS commands as root in the device via the connectiontype parameter of the statussupportdiagnostictracing.json endpoint...
Command injection
A Command Injection vulnerability in httpd web server setup.cgi in SerComm h500s, FW: lowi-h500s-v3.4.22 allows logged in administrators to arbitrary OS commands as root in the device via the connectiontype parameter of the statussupportdiagnostictracing.json endpoint...
SerComm h500s 操作系统命令注入漏洞
The SerComm h500s is a router device from SerComm China. A security vulnerability exists in the SerComm h500s lowi-h500s-v3.4.22 version, which stems from a command injection issue in the httpd web server setup.cgi. The vulnerability can be exploited to execute arbitrary operating system commands...
CVE-2021-44080
A Command Injection vulnerability in httpd web server setup.cgi in SerComm h500s, FW: lowi-h500s-v3.4.22 allows logged in administrators to arbitrary OS commands as root in the device via the connectiontype parameter of the statussupportdiagnostictracing.json endpoint...
CVE-2021-44080
The CVE-2021-44080 entry affects SerComm h500s routers (FW lowi-h500s-v3.4.22). The vulnerability is a command-injection in the httpd web server’s setup.cgi, exploitable by a logged-in administrator via the connection_type parameter of the statussupport_diagnostic_tracing.json endpoint, enabling ...
Vodafone H-500-s 3.5.10 - WiFi Password Disclosure Exploit
Exploit Title: Vodafone H-500-s 3.5.10 - WiFi Password Disclosure Exploit Author: Daniel Monzón stark0de Vendor Homepage: https://www.vodafone.es/ Software Link: N/A Version: Firmware version Vodafone-H-500-s-v3.5.10 Hardware model: Sercomm VFH500 The WiFi access point password gets disclosed jus...
Vodafone H-500-s 3.5.10 WiFi Password Disclosure
Exploit Title: Vodafone H-500-s 3.5.10 - WiFi Password Disclosure Date: 01/01/2022 Exploit Author: Daniel Monzón stark0de Vendor Homepage: https://www.vodafone.es/ Software Link: N/A Version: Firmware version Vodafone-H-500-s-v3.5.10 Hardware model: Sercomm VFH500 The WiFi access point password...
CVE-2021-27132
SerComm AG Combo VD625 AGSOT2.1.0 devices allow CRLF injection for HTTP header injection in the download function via the Content-Disposition header...
CVE-2021-27132
SerComm AG Combo VD625 AGSOT2.1.0 devices allow CRLF injection for HTTP header injection in the download function via the Content-Disposition header...
Crlf injection
SerComm AG Combo VD625 AGSOT2.1.0 devices allow CRLF injection for HTTP header injection in the download function via the Content-Disposition header...
CVE-2021-27132
SerComm AG Combo VD625 AGSOT2.1.0 devices allow CRLF injection for HTTP header injection in the download function via the Content-Disposition header...
CVE-2021-27132
The CVE-2021-27132 issue affects Sercomm VD625 Smart Modems (firmware AGSOT_2.1.0). The vulnerability is a CRLF injection in the Content-Disposition header during the download function, enabling header manipulation that could enable session hijacking, cross-site scripting, or cache poisoning as d...
Sercomm AG Combo VD625 AGSOT Injection Vulnerability
Sercomm AG Combo VD625 AGSOT is an application from Sercomm China. provides a comprehensive telecom broadband solution. An injection vulnerability exists in SerComm AG Combo VD625 AGSOT2.1.0 that allows CRLF injection...