CVE-2021-45428

CRITICAL

9.8

Description

TLR-2005KSH is affected by an incorrect access control vulnerability. THe PUT method is enabled so an attacker can upload arbitrary files including HTML and CGI formats.

Details CVE

Score CVSS v3.19.8

SeveriteCRITICAL

Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vecteur d'attaqueNETWORK

ComplexiteLOW

Privileges requisNONE

Interaction utilisateurNONE

Publie1/3/2022

Derniere modification11/21/2024

Sourcenvd

Observations honeypot0

Produits affectes

telesquare:tlr-2005kshtelesquare:tlr-2005ksh_firmware

Faiblesses (CWE)

CWE-639

References

http://packetstormsecurity.com/files/167101/TLR-2005KSH-Arbitrary-File-Upload.html(cve@mitre.org)

https://drive.google.com/file/d/1wM1SPOfB9mH2SES7cAmlysuI9fOpFB3F/view?usp=sharing(cve@mitre.org)

http://packetstormsecurity.com/files/167101/TLR-2005KSH-Arbitrary-File-Upload.html(af854a3a-2127-422b-91ae-364da2661108)

https://drive.google.com/file/d/1wM1SPOfB9mH2SES7cAmlysuI9fOpFB3F/view?usp=sharing(af854a3a-2127-422b-91ae-364da2661108)

Correlations IOC

Aucune correlation enregistree

This product uses data from the NVD API but is not endorsed or certified by the NVD.