CVE-2021-45428

CRITICAL NUCLEI

Telesquare Tlr-2005ksh Firmware - IDOR

Title source: rule

Description

TLR-2005KSH is affected by an incorrect access control vulnerability. THe PUT method is enabled so an attacker can upload arbitrary files including HTML and CGI formats.

Exploits (2)

exploitdb WORKING POC

by Ahmed Alroky · textwebappshardware

https://www.exploit-db.com/exploits/50931

View Code ZIP pw:eip

nomisec SUSPICIOUS

by projectforsix · poc

https://github.com/projectforsix/CVE-2021-45428-Defacer

View Code ZIP pw:eip

Nuclei Templates (1)

Telesquare TLR-2005KSH 1.0.0 - Arbitrary File Upload

CRITICALVERIFIEDby gy741

Shodan: http.html:"TLR-2005KSH"

References (2)

[Exploit, Third Party Advisory, VDB Entry] http://packetstormsecurity.com/files/167101/TLR-2005KSH-Arbitrary-File-Upload.html

[Exploit, Third Party Advisory] https://drive.google.com/file/d/1wM1SPOfB9mH2SES7cAmlysuI9fOpFB3F/view?usp=sharing

Scores

CVSS v3 9.8

EPSS 0.9355

EPSS Percentile 99.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-639

Status published

Products (1)

telesquare/tlr-2005ksh_firmware

Published Jan 03, 2022

Tracked Since Feb 18, 2026