CRLF Injection - Sercomm VD625

By
Anandhu K A
Published on
10 Jan 2022
Vulnerability

Description

Sercomm AGCOMBO VD625 Smart Modems with firmware version AGSOT_2.1.0 are vulnerable to CRLF injection via the Content-Disposition response header.

The device exposes its web management interface to the public internet, and a modified HTTP request is easy to craft: appending .txt (or another file extension) to the path of a GET request makes the device treat the request as a file download. The server then copies the requested path into the Content-Disposition response header and attempts to serve the file.

Because this header value is not sanitised, a request path containing percent-encoded carriage-return and line-feed characters (%0d%0a) terminates the Content-Disposition line in the response, and whatever follows in the path is emitted as additional response headers. This is the classic CRLF injection (HTTP response splitting) pattern: an attacker who can get a victim to follow a crafted link to the device can inject headers of their choosing (for example Set-Cookie) and, with a second CRLF pair, terminate the header block and supply a response body as well.
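The following is an added example, not code from the original advisory and not Sercomm's firmware (which is not available here). It models the behaviour described above with a stand-in handler: the file name from the request path is URL-decoded and echoed into Content-Disposition unchanged. Beside it sits a hardened version that strips control characters and percent-encodes the name per RFC 6266 / RFC 8187, plus a small response parser that shows what a lenient HTTP client would see. The probe path, header names and the handler functions are all assumptions made for the example.

```python
"""CRLF injection via a reflected Content-Disposition header.

Added example (assumption: a simplified model of the flaw described in the
advisory, not the device's real code).  Run the file to see the vulnerable
and hardened responses side by side.
"""
import re
from urllib.parse import quote, unquote


def build_probe_path(marker: str = "X-Crlf-Probe") -> str:
    """Constructed probe URL path: percent-encoded CR LF followed by a
    harmless marker header.  The ".txt" suffix is what makes the device
    treat the request as a download (assumed from the advisory)."""
    return f"/crlf-probe%0d%0a{marker}:%20injected.txt"


def vulnerable_download_headers(request_path: str) -> bytes:
    """Stand-in for the flawed handler: the decoded file name goes straight
    into Content-Disposition, so an embedded CR LF splits the header."""
    filename = unquote(request_path.rsplit("/", 1)[-1])
    headers = (
        "HTTP/1.1 200 OK\r\n"
        "Content-Type: application/octet-stream\r\n"
        f'Content-Disposition: attachment; filename="{filename}"\r\n'
        "\r\n"
    )
    return headers.encode("latin-1")


def safe_download_headers(request_path: str) -> bytes:
    """Hardened handler: drop every control character (CR, LF, NUL, ...),
    quotes and backslashes, then emit an ASCII-only filename plus an
    RFC 8187 percent-encoded filename* for anything non-ASCII."""
    filename = unquote(request_path.rsplit("/", 1)[-1])
    filename = re.sub(r'[\x00-\x1f\x7f"\\]', "", filename) or "download"
    ascii_name = filename.encode("ascii", "ignore").decode() or "download"
    encoded = quote(filename, safe="")  # percent-encodes ':', ' ', UTF-8 bytes
    headers = (
        "HTTP/1.1 200 OK\r\n"
        "Content-Type: application/octet-stream\r\n"
        f'Content-Disposition: attachment; filename="{ascii_name}"; '
        f"filename*=UTF-8''{encoded}\r\n"
        "\r\n"
    )
    return headers.encode("latin-1")


def parse_response_headers(raw: bytes) -> dict:
    """Parse the response the way a lenient client does: head and body are
    split at the first blank line, each header line at CR LF.  Injected
    lines therefore show up as ordinary headers."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.decode("latin-1").partition(":")
        headers[name.strip().lower()] = value.strip()
    return {"status": lines[0].decode("latin-1"), "headers": headers, "body": body}


def response_has_injected_header(raw: bytes, marker: str = "X-Crlf-Probe") -> bool:
    """Detection check: did the marker from the probe path come back as a
    separate response header?  True means the server is CRLF-injectable."""
    return marker.lower() in parse_response_headers(raw)["headers"]


if __name__ == "__main__":
    path = build_probe_path()
    for label, handler in (("vulnerable", vulnerable_download_headers),
                           ("hardened", safe_download_headers)):
        raw = handler(path)
        print(f"--- {label} ---")
        print(raw.decode("latin-1"))
        print("injected header present:", response_has_injected_header(raw))
```

The hardened handler removes the whole control-character range rather than only CR and LF, because some HTTP stacks also treat a bare LF or NUL as a line terminator; the `filename*` parameter is what lets a non-ASCII name survive the ASCII-only filter without putting raw bytes into the header.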

Recommendations

  • Update Sercomm firmware to the latest version.
  • Until the update is applied, do not expose the device's web management interface to the public internet.
  • For firmware developers: never copy request data into a response header unsanitised; reject or strip CR, LF and other control characters from the file name and percent-encode it (RFC 6266 filename*) before building Content-Disposition.

Written by
Anandhu K A
Lead Engineer