CVE-2021-45428

Опубликовано: 03 янв. 2022

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Критический

Описание

TLR-2005KSH is affected by an incorrect access control vulnerability. THe PUT method is enabled so an attacker can upload arbitrary files including HTML and CGI formats.

Ссылки

http://packetstormsecurity.com/files/167101/TLR-2005KSH-Arbitrary-File-Upload.html
Exploit
Third Party Advisory
VDB Entry
https://drive.google.com/file/d/1wM1SPOfB9mH2SES7cAmlysuI9fOpFB3F/view?usp=sharing
Exploit
Third Party Advisory
http://packetstormsecurity.com/files/167101/TLR-2005KSH-Arbitrary-File-Upload.html
Exploit
Third Party Advisory
VDB Entry
https://drive.google.com/file/d/1wM1SPOfB9mH2SES7cAmlysuI9fOpFB3F/view?usp=sharing
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:telesquare:tlr-2005ksh_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:telesquare:tlr-2005ksh:-:*:*:*:*:*:*:*

EPSS

Процентиль: 100%

0.91545

Критический

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-639

Связанные уязвимости

GHSA-hp88-wcmx-23jq