CVE-2025-26002
Published: 26 March 2025
Description
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Security Summary
CVE-2025-26002 is an unauthorized stack overflow vulnerability (CWE-120) affecting Telesquare TLR-2005KSH version 1.1.4. The issue arises when processing requests to the admin.cgi parameter with the setSyncTimeHost argument, allowing buffer overflow conditions without authentication. It has a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating critical severity due to its potential for complete system compromise.
A remote unauthenticated attacker can exploit this vulnerability over the network with low complexity and no user interaction required. By sending a specially crafted request to the vulnerable admin.cgi endpoint, the attacker triggers the stack overflow, potentially achieving arbitrary code execution with high impacts on confidentiality, integrity, and availability.
Further technical details and analysis are provided in the referenced GitHub repositories, including https://github.com/Fan-24/Digging/blob/main/3/1.md and https://github.com/Fan-24/Digging/tree/main/2. No specific patch or mitigation guidance is detailed in the CVE publication.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The unauthenticated remote stack overflow in the public-facing admin.cgi endpoint directly enables exploitation of a public-facing application for arbitrary code execution.