Sercomm AGCOMBO VD625 Smart Modems with firmware version AGSOT_2.1.0
are vulnerable to CRLF Injection via the Content-Disposition header.
The device has a web interface for management which is exposed to the public, and it is easy to send a modified HTTP request to the web server by simply adding a .txt or other extension to the GET request's URL, which causes the device to treat it as a download request. The system then inserts the contents of the URL we entered into the header field "Content-Disposition" and attempts to download the file.
Because this header field is not fully sanitised, it is possible to force the header to wrap by inserting a new line (a CRLF sequence) and then appending further header fields as desired to the HTTP response.
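As an added Python example (not Sercomm's firmware code, which is not shown here; all function names are hypothetical), the flawed header construction the advisory describes is modelled beside a hardened version that strips control characters and percent-encodes the filename, with a request-log check that flags encoded CR/LF in a URL:

```python
import re
from urllib.parse import quote, unquote

HEADER_TMPL = 'Content-Disposition: attachment; filename="{}"\r\n'


def build_disposition_unsafe(requested_path: str) -> str:
    """Models the bug: the last path segment of the requested URL is copied
    into Content-Disposition verbatim, so a CR/LF inside it ends the header
    line early and anything after it becomes additional header lines."""
    filename = requested_path.rsplit("/", 1)[-1]
    return HEADER_TMPL.format(filename)


def build_disposition_safe(requested_path: str) -> str:
    """Hardened variant: remove every ASCII control character (CR, LF, NUL,
    ...) plus quote and backslash, fall back to a fixed name if nothing is
    left, and add an RFC 6266 / RFC 5987 percent-encoded filename* parameter
    so that no raw user byte can terminate the header line."""
    filename = requested_path.rsplit("/", 1)[-1]
    cleaned = re.sub(r'[\x00-\x1f\x7f"\\]', "", filename) or "download"
    ascii_fallback = cleaned.encode("ascii", "ignore").decode() or "download"
    return ('Content-Disposition: attachment; filename="%s"; '
            "filename*=UTF-8''%s\r\n" % (ascii_fallback, quote(cleaned, safe="")))


def header_lines(raw_headers: str) -> list:
    """Split a header block the way an HTTP client would, so the caller can
    count how many header lines one Content-Disposition line turned into."""
    return [line for line in raw_headers.split("\r\n") if line]


def looks_like_crlf_probe(request_uri: str) -> bool:
    """Detection helper for access logs: percent-decode the request URI a few
    times (covers double encoding) and flag any CR or LF that appears."""
    decoded = request_uri
    for _ in range(3):
        decoded = unquote(decoded)
    return re.search(r"[\r\n]", decoded) is not None


if __name__ == "__main__":
    # Constructed sample request path with an embedded CRLF and a harmless marker header.
    sample = "/index.html.txt\r\nX-Injected: demo"
    print(header_lines(build_disposition_unsafe(sample)))  # two header lines
    print(header_lines(build_disposition_safe(sample)))    # one header line
    print(looks_like_crlf_probe("/index.html.txt%0d%0aX-Injected:%20demo"))
```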