S4E

CVE-2024-29269 Scanner

CVE-2024-29269 scanner - Remote Code Execution vulnerability in Telesquare TLR-2005KSH

SCAN NOW

Short Info


Level

Critical

Single Scan

Single Scan

Can be used by

Asset Owner

Estimated Time

10 second

Time Interval

4 week

Scan only one

Domain, Ipv4

Toolbox

-

Telesquare TLR-2005KSH is an LTE router developed by Telesquare, a South Korean company. It is widely used by SK Telecom for providing internet connectivity. The router is employed in various environments, including homes and businesses, to manage and distribute network traffic. Network administrators and telecom providers utilize this device for stable and reliable internet services. The router's configuration and control are managed through a web interface.

The Telesquare TLR-2005KSH router has a critical remote command execution vulnerability. This flaw allows unauthorized users to execute system commands on the device. The vulnerability is due to improper handling of the Cmd parameter in the router's web interface. Exploitation of this vulnerability can lead to complete control of the device.

The vulnerability in Telesquare TLR-2005KSH exists in the /cgi-bin/admin.cgi?Command=sysCommand&Cmd= endpoint. By manipulating the Cmd parameter, an attacker can inject arbitrary system commands. The router does not properly sanitize this parameter, allowing remote command execution without authorization. This can result in the attacker obtaining server permissions. The issue affects firmware versions 1.0.0 and 1.1.4.

Exploitation of this vulnerability can have severe consequences. An attacker could gain unauthorized access to the router, execute arbitrary commands, and control the device. This could lead to network disruption, data theft, and potential further attacks on connected devices. The router could be used as a launchpad for broader network intrusions.

By using the S4E platform, you gain comprehensive visibility into your network's security posture. Our advanced scanning tools detect and report critical vulnerabilities like remote command execution in real-time. Stay ahead of potential threats with our proactive monitoring and detailed reports. Protect your digital assets and ensure compliance with industry standards. Join our platform to enhance your cybersecurity defenses effortlessly.

References:

Get started to protecting your Free Full Security Scan