Export CSV

Products

1 vendor
VendorProductsCVEsKEVAvg EPSSWorst Severity
425048.1%CRITICAL

Related CVEs

25
CVE IDDescriptionSeverityCVSSKEVEPSSPublished
CVE-2017-20224Telesquare SKT LTE Router SDT-CS3B1 version 1.2.0 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious content by exploiting enabled WebDAV HTTP methods. Attackers can use PUT, DELETE, MKCOL, MOVE, COPY, and PROPPATCH methods to upload executable code, delete files, or manipulate server content for remote code execution or denial of service.CRITICAL9.359.7%Mar 16, 2026
CVE-2017-20223Telesquare SKT LTE Router SDT-CS3B1 firmware version 1.2.0 contains an insecure direct object reference vulnerability that allows attackers to bypass authorization and access resources by manipulating user-supplied input parameters. Attackers can directly reference objects in the system to retrieve sensitive information and access functionalities without proper access controls.CRITICAL9.340.5%Mar 16, 2026
CVE-2017-20222Telesquare SKT LTE Router SDT-CS3B1 software version 1.2.0 contains an unauthenticated remote reboot vulnerability that allows attackers to trigger device reboot without authentication. Attackers can send POST requests to the lte.cgi endpoint with the Command=Reboot parameter to cause denial of service by forcing the router to restart.HIGH8.748.8%Mar 16, 2026
CVE-2017-20221Telesquare SKT LTE Router SDT-CS3B1 version 1.2.0 contains a cross-site request forgery vulnerability that allows authenticated attackers to execute arbitrary system commands by exploiting missing request validation. Attackers can craft malicious web pages that perform administrative actions when visited by logged-in users, enabling command execution with router privileges.MEDIUM5.320.4%Mar 16, 2026
CVE-2025-9603A vulnerability was determined in Telesquare TLR-2005KSH 1.2.4. The affected element is an unknown function of the file /cgi-bin/internet.cgi?Command=lanCfg. Executing manipulation of the argument Hostname can lead to command injection. The attack may be performed from a remote location. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.LOW2.193.8%Aug 29, 2025
CVE-2025-28361Unauthorized stack overflow vulnerability in Telesquare TLR-2005KSH v.1.1.4 allows a remote attacker to obtain sensitive information via the systemutil.cgi component.HIGH7.534.7%Mar 26, 2025
CVE-2025-26011Telesquare TLR-2005KSH 1.1.4 has an unauthorized stack overflow vulnerability when requesting the admin.cgi parameter with setUsernamePassword.CRITICAL9.833.2%Mar 26, 2025
CVE-2025-26010Telesquare TLR-2005KSH 1.1.4 allows unauthorized password modification when requesting the admin.cgi parameter with setUserNamePassword.CRITICAL9.829.6%Mar 26, 2025
CVE-2025-26009Telesquare TLR-2005KSH 1.1.4 has an Information Disclosure vulnerability when requesting systemutilit.cgi.HIGH7.527.0%Mar 26, 2025
CVE-2025-26008In Telesquare TLR-2005KSH 1.1.4, an unauthorized stack overflow vulnerability exists when requesting admin.cgi parameter with setSyncTimeHost.CRITICAL9.833.2%Mar 26, 2025
CVE-2025-26007Telesquare TLR-2005KSH 1.1.4 has an unauthorized stack overflow vulnerability in the login interface when requesting systemtil.cgi.CRITICAL9.833.2%Mar 26, 2025
CVE-2025-26006Telesquare TLR-2005KSH 1.1.4 has an unauthorized stack overflow vulnerability when requesting the admin.cgi parameter with setAutorest.CRITICAL9.833.2%Mar 26, 2025
CVE-2025-26005Telesquare TLR-2005KSH 1.1.4 is vulnerable to unauthorized stack overflow vulnerability when requesting admin.cgi parameter with setNtp.CRITICAL9.833.2%Mar 26, 2025
CVE-2025-26004Telesquare TLR-2005KSH 1.1.4 is vulnerable to unauthorized stack buffer overflow vulnerability when requesting admin.cgi parameter with setDdns.CRITICAL9.833.2%Mar 26, 2025
CVE-2025-26003Telesquare TLR-2005KSH 1.1.4 is affected by an unauthorized command execution vulnerability when requesting the admin.cgi parameter with setAutorest.CRITICAL9.844.8%Mar 26, 2025
CVE-2025-26002Telesquare TLR-2005KSH 1.1.4 is affected by an unauthorized stack overflow vulnerability when requesting the admin.cgi parameter with setSyncTimeHost.CRITICAL9.836.9%Mar 26, 2025
CVE-2025-26001Telesquare TLR-2005KSH 1.1.4 is vulnerable to Information Disclosure via the parameter getUserNamePassword.HIGH7.527.4%Mar 26, 2025
CVE-2024-29269An issue discovered in Telesquare TLR-2005Ksh 1.0.0 and 1.1.4 allows attackers to run arbitrary system commands via the Cmd parameter.HIGH8.892.3%Apr 10, 2024
CVE-2021-46424Telesquare TLR-2005KSH 1.0.0 is affected by an arbitrary file deletion vulnerability that allows a remote attacker to delete any file, even system internal files, via a DELETE request.CRITICAL9.1Apr 27, 2022
CVE-2021-46423Telesquare TLR-2005KSH 1.0.0 is affected by an unauthenticated file download vulnerability that allows a remote attacker to download a full configuration file.MEDIUM5.3Apr 27, 2022