Cyber Posture

CVE-2025-26004

Critical

Published: 26 March 2025
Modified: 01 April 2025
KEV Added
Patch
CVSS Score: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0041 (61.6th percentile)
Risk Priority: 20 (60% EPSS · 20% KEV · 20% CVSS)

Description

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

Security Summary

CVE-2025-26004 is a stack buffer overflow vulnerability (CWE-120) in Telesquare TLR-2005KSH version 1.1.4 that can be triggered without authentication. The overflow occurs when admin.cgi processes a request that carries the setDdns argument.

The vulnerability has a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating it is exploitable remotely over the network by unauthenticated attackers with low complexity and no user interaction. Attackers can achieve high impacts across confidentiality, integrity, and availability, potentially leading to arbitrary code execution, data compromise, or device takeover.

Further technical details, including potential exploitation vectors, are documented in the advisory at https://github.com/Fan-24/Digging/blob/main/6/1.md. No specific patches or mitigations are detailed in available sources.

Details

CWE(s)
CWE-120

Affected Products

Vendor: telesquare
Product: tlr-2005ksh firmware
Version: 1.1.4

MITRE ATT&CK Enterprise Techniques

T1190: Exploit Public-Facing Application (Tactic: Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

The CVE describes a remote unauthenticated stack buffer overflow in a public-facing admin.cgi interface on a network device, directly enabling exploitation of public-facing applications for initial access and arbitrary code execution.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0
