CVE-2021-27132
CRITICAL NUCLEISerComm AG Combo VD625 AGSOT_2.1.0 - HTTP Header Injection via Content-Disposition Header
Title source: llmExploitation Summary
CVE-2021-27132 has a Nuclei detection template available — see the Nuclei card below for the Shodan/FOFA recon queries.
Description
SerComm AG Combo VD625 AGSOT_2.1.0 devices allow CRLF injection (for HTTP header injection) in the download function via the Content-Disposition header.
Nuclei Templates (1)
Sercomm VD625 Smart Modems - CRLF Injection
CRITICALby geeknik
References (2)
Core 2
Core References
Broken Link x_refsource_misc
http://sercomm.com
Exploit, Third Party Advisory x_refsource_misc
https://cybertuz.com/blog/post/crlf-injection-CVE-2021-27132
Scores
CVSS v3
9.8
EPSS
0.1669
EPSS Percentile
96.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-74
Status
published
Products (1)
sercomm/agcombo_vd625_firmware
agsot_2.1.0
Published
Feb 27, 2021
Tracked Since
Feb 18, 2026