CVE-2025-9603

MEDIUM

Telesquare TLR-2005KSH 1.2.4 - Command Injection

Title source: llm

Description

A vulnerability was determined in Telesquare TLR-2005KSH 1.2.4. The affected element is an unknown function of the file /cgi-bin/internet.cgi?Command=lanCfg. Executing manipulation of the argument Hostname can lead to command injection. The attack may be performed from a remote location. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.

References (5)

Core 5

Core References

Third Party Advisory, VDB Entry vdb-entry technical-description

https://vuldb.com/?id.321779

Permissions Required, VDB Entry signature permissions-required

https://vuldb.com/?ctiid.321779

Third Party Advisory, VDB Entry third-party-advisory

https://vuldb.com/?submit.636414

Exploit, Third Party Advisory related

https://github.com/lin-3-start/lin-cve/blob/main/Telesquare%20Tlr-2005Ksh/Telesquare%20Tlr-2005Ksh%E5%AD%98%E5%9C%A8%E5%91%BD%E4%BB%A4%E6%B3%A8%E5%85%A5%E6%BC%8F%E6%B4%9E.md

View Exploit ZIP pw:eip

Exploit, Third Party Advisory exploit

https://github.com/lin-3-start/lin-cve/blob/main/Telesquare%20Tlr-2005Ksh/Telesquare%20Tlr-2005Ksh%E5%AD%98%E5%9C%A8%E5%91%BD%E4%BB%A4%E6%B3%A8%E5%85%A5%E6%BC%8F%E6%B4%9E.md#3poc

View Exploit ZIP pw:eip

Scores

CVSS v3 6.3

EPSS 0.0077

EPSS Percentile 73.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-74 CWE-77

Status published

Products (1)

telesquare/tlr-2005ksh_firmware 1.2.4

Published Aug 29, 2025

Tracked Since Feb 18, 2026