CVE-2025-26001
Published: 26 March 2025
Description
Adversaries may search compromised systems to find and obtain insecurely stored credentials.
Security Summary
CVE-2025-26001 affects Telesquare TLR-2005KSH version 1.1.4, where the device is vulnerable to information disclosure through the getUserNamePassword parameter. Classified under CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor), this flaw allows unauthorized access to sensitive credentials. The vulnerability received a CVSS v3.1 base score of 7.5 (High), reflecting its network accessibility, low attack complexity, lack of required privileges or user interaction, unchanged scope, high confidentiality impact, and no impact on integrity or availability.
A remote attacker requires no authentication or privileges to exploit this vulnerability over the network with low complexity and no user interaction. By crafting a request targeting the getUserNamePassword parameter, the attacker can retrieve usernames and passwords stored on the device, potentially enabling further unauthorized access, lateral movement, or privilege escalation within the affected environment.
Further technical details, including potential exploitation methods, are documented in the referenced GitHub repositories at https://github.com/Fan-24/Digging/blob/main/1/1.md and https://github.com/Fan-24/Digging/tree/main/1. No specific patch or mitigation guidance is detailed in the primary CVE information.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability is an unauthenticated remote information disclosure in a public-facing network device management interface (getUserNamePassword parameter), directly enabling T1190 Exploit Public-Facing Application; the impact of retrieving stored usernames/passwords facilitates T1552 Unsecured Credentials.