vendor: TLR-2005KSH
by: Ahmed Alroky
CVSS: 9.1 (CRITICAL)
Arbitrary File Delete
CWE: 22
Product Name: TLR-2005KSH
Affected Version From: 1.0.0
Affected Version To: 1.0.0
Patch Exists: NO
Related CVE: CVE-2021-46424
CPE: a:telesquare:tlr-2005ksh:1.0.0
Tags: cve,cve2021,telesquare,intrusive,packetstorm
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Nuclei References:
https://dl.packetstormsecurity.net/2205-exploits/tlr2005ksh-filedelete.txt
https://drive.google.com/drive/folders/1_e3eJ8fzhCWnCkoRpbLoyQecuKkPR4OD?usp=sharing
http://packetstormsecurity.com/files/167127/TLR-2005KSH-Arbitrary-File-Delete.html
https://nvd.nist.gov/vuln/detail/CVE-2021-46424
Nuclei Metadata: {'max-request': 3, 'shodan-query': 'http.html:"TLR-2005KSH"', 'verified': True, 'vendor': 'telesquare', 'product': 'tlr-2005ksh_firmware'}
Platforms Tested: Windows
2022
TLR-2005KSH – Arbitrary File Delete
This exploit allows an attacker to delete arbitrary files on the target system. By sending a specially crafted DELETE request, the attacker can specify the file to be deleted. This vulnerability can be exploited without authentication.
Mitigation:
To mitigate this vulnerability, it is recommended to apply the latest patch or update from the vendor. Additionally, access controls should be implemented to restrict unauthorized access to the affected system.