VYPR
Vendor

Sercomm

Products
5
CVEs
9
Across products
9
Status
Private

Products

5

Recent CVEs

9
  • CVE-2021-27132CriFeb 27, 2021
    risk 0.65cvss 9.8epss 0.17

    SerComm AG Combo VD625 AGSOT_2.1.0 devices allow CRLF injection (for HTTP header injection) in the download function via the Content-Disposition header.

  • CVE-2022-4985HigNov 14, 2025
    risk 0.57cvss epss 0.00

    Vodafone H500s devices running firmware v3.5.10 (hardware model Sercomm VFH500) expose the WiFi access point password via an unauthenticated HTTP endpoint. By sending a crafted GET request to /data/activation.json with specific headers and cookies, a remote attacker can retrieve…

  • CVE-2021-44080HigJun 2, 2022
    risk 0.49cvss 7.2epss 0.24

    A Command Injection vulnerability in httpd web server (setup.cgi) in SerComm h500s, FW: lowi-h500s-v3.4.22 allows logged in administrators to arbitrary OS commands as root in the device via the connection_type parameter of the statussupport_diagnostic_tracing.json endpoint.

  • CVE-2021-27702HigNov 12, 2024
    risk 0.47cvss 7.3epss 0.00

    Sercomm Router Etisalat Model S3- AC2100 is affected by Incorrect Access Control via the diagnostic utility in the router dashboard.

  • CVE-2021-27703MedNov 12, 2024
    risk 0.35cvss 5.4epss 0.00

    Sercomm Model Etisalat Model S3- AC2100 is affected by Cross Site Scripting (XSS) via the firmware update page.

  • CVE-2025-67113Mar 19, 2026
    risk 0.00cvss epss 0.01

    OS command injection in the CWMP client (/ftl/bin/cwmp) of Small Cell Sercomm SCE4255W (FreedomFi Englewood) firmware before DG3934v3@2308041842 allows remote attackers controlling the ACS endpoint to execute arbitrary commands as root via a crafted TR-069 Download URL that is…

  • CVE-2025-67112Mar 19, 2026
    risk 0.00cvss epss 0.00

    Use of a hard-coded AES-256-CBC key in the configuration backup/restore implementation of Small Cell Sercomm SCE4255W (FreedomFi Englewood) firmware before DG3934v3@2308041842 allows remote authenticated users to decrypt, modify, and re-encrypt device configurations, enabling…

  • CVE-2025-67115Mar 19, 2026
    risk 0.00cvss epss 0.00

    A path traversal vulnerability in /ftl/web/setup.cgi in Small Cell Sercomm SCE4255W (FreedomFi Englewood) firmware before DG3934v3@2308041842 allows remote authenticated users to read arbitrary files from the filesystem via crafted values in the log_type parameter to…

  • CVE-2025-67114Mar 19, 2026
    risk 0.00cvss epss 0.01

    Use of a deterministic credential generation algorithm in /ftl/bin/calc_f2 in Small Cell Sercomm SCE4255W (FreedomFi Englewood) firmware before DG3934v3@2308041842 allows remote attackers to derive valid administrative/root credentials from the device's MAC address, enabling…