CVE-2021-27404

MEDIUM

Askey RTF8115VW BR_SV_g11.11_RTF_TEF001_V6.54_V014 - Open Redirect via Host Header Injection

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2021-27404. PoCs published by bokanrb.

AI-analyzed exploit summary This repository documents an authenticated Host Header Injection vulnerability in Askey RTF8115VW modems. The PoC demonstrates how an attacker can manipulate the Host header to redirect users to a malicious site, potentially leading to credential theft or cookie extraction.

Description

Askey RTF8115VW BR_SV_g11.11_RTF_TEF001_V6.54_V014 devices allow injection of a Host HTTP header.

Exploits (1)

nomisec WRITEUP 3 stars
by bokanrb · poc
https://github.com/bokanrb/CVE-2021-27404

This repository documents an authenticated Host Header Injection vulnerability in Askey RTF8115VW modems. The PoC demonstrates how an attacker can manipulate the Host header to redirect users to a malicious site, potentially leading to credential theft or cookie extraction.

Classification
Writeup 90%
Attack Type
Other
Complexity
Trivial
Reliability
Reliable
Target: Askey RTF8115VW BR_SV_g11.11_RTF_TEF001_V6.54_V014
Auth required
Prerequisites: Access to the vulnerable modem's web interface · Valid session cookie
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1
Core References
Exploit, Third Party Advisory x_refsource_misc
https://github.com/bokanrb/HostHeaderInjection-Askey

Scores

CVSS v3 6.1
EPSS 0.0087
EPSS Percentile 54.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE
CWE-601
Status published
Products (1)
asus/askey_rtf8115vw_firmware br_sv_g11.11_rtf_tef001_v6.54_v014
Published Feb 19, 2021
Tracked Since Feb 18, 2026