cvedb.io
CVE-2021-44080
HIGH · CVSS 7.2
EPSS exploitation probability: 0%
Published 2022-06-02T14:15:31.317 · Last modified 2026-06-17T04:11:52.860

Summary

A Command Injection vulnerability in httpd web server (setup.cgi) in SerComm h500s, FW: lowi-h500s-v3.4.22 allows logged in administrators to arbitrary OS commands as root in the device via the connection_type parameter of the statussupport_diagnostic_tracing.json endpoint.

Affected products

sercomm — h500s_firmware

Does this affect you?

Add your gear to cvedb and we'll alert you only when sercomm ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.