CVE-2021-27132: SerComm AG Combo VD625 AGSOT_2.1.0 devices allow CRLF injection (for HTTP header injection) in the download...
SerComm AG Combo VD625 AGSOT_2.1.0 devices allow CRLF injection (for HTTP header injection) in the download function via the Content-Disposition header.
Security readout for executives and security teams
Plain-English summary
This CVE describes a header injection flaw in the download function of SerComm AG Combo VD625 devices running AGSOT_2.1.0. Affected devices may generate unsafe HTTP response headers. The public record does not provide severity, CVSS, a fixed version, or evidence of active exploitation.
Executive priority
Treat this as an exposure-management item until better severity data is available. Prioritize if these devices are internet-facing, support critical operations, or cannot be isolated from untrusted users.
Technical view
CVE-2021-27132 is a CRLF injection issue affecting the Content-Disposition header in the device download function. The source bundle identifies SerComm AG Combo VD625 AGSOT_2.1.0, but the structured affected-product data is incomplete and no CWE, CVSS, or remediation version is listed.
Likely exposure
Exposure is most likely where SerComm AG Combo VD625 devices running AGSOT_2.1.0 are deployed and the affected download function is reachable. The sources do not establish broader product, firmware, or internet-wide exposure.
Exploitation context
The sources describe the vulnerability class but do not cite exploitation in the wild. The CVE is not listed as KEV in the provided bundle, so active exploitation should not be assumed.
Researcher notes
Evidence is thin: the CVE record names the vulnerable function and header, but provides no CVSS, CWE, fixed release, or complete affected-product metadata. Validation should focus on asset presence, firmware version, reachability, and vendor remediation status.
Mitigation direction
Inventory SerComm AG Combo VD625 devices and firmware versions.
Check vendor or operator guidance for fixed firmware or supported mitigations.
Restrict management and download interfaces to trusted networks.
Avoid exposing device administrative functions directly to the internet.
Monitor reverse proxies and device logs for unusual header behavior.
Validation and detection
Confirm whether AG Combo VD625 devices are present in asset records.
Verify whether deployed devices run AGSOT_2.1.0 firmware.
Identify whether the download function is reachable by untrusted users.
Review vendor advisories or support channels for remediation status.
Use safe, authorized testing to assess header handling behavior.
Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.
Potential ATT&CK relevance
Conservative CVE-to-ATT&CK context
These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.
ATT&CK lookup starting points
Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.
cve · low confidence lookup
CVE-2021-27132 mapping review
Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.
These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.
0CVSS vectors
3Timeline events
1ADP providers
2Source links
Vulnerability timeline
Timeline events are normalized from CVE metadata, CNA source timelines, ADP timelines, and KEV metadata when present.
CVE reservedCVE Program
The CVE ID was reserved by the assigning CNA.
CVE publishedCVE Program
The CVE record was published.
Feb 27, 2021, 05:01 UTC (UTC+00:00)
CVE updatedCVE Program
The CVE record metadata indicates this as the latest update time.