Cyber Posture

CVE-2025-26007

Critical

Published: 26 March 2025

Modified: 01 April 2025
CVSS Score: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0041 (61.6th percentile)
Risk Priority: 20 (60% EPSS · 20% KEV · 20% CVSS)

Description

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

Security Summary

CVE-2025-26007 is an unauthorized stack overflow vulnerability (CWE-120) affecting Telesquare TLR-2005KSH version 1.1.4. The issue resides in the login interface and is triggered by a request to the systemtil.cgi endpoint. Published on 2025-03-26, it carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), a critical rating that reflects its potential for complete system compromise.

A remote, unauthenticated attacker can exploit this vulnerability over the network with low complexity and no user interaction required. By sending a specially crafted request to systemtil.cgi, the attacker triggers a stack overflow, enabling high-impact consequences including unauthorized access to sensitive data (C:H), modification of system integrity (I:H), and denial of service or code execution (A:H).

For mitigation details, refer to the advisory at https://github.com/Fan-24/Digging/blob/main/10/1.md.

Details

CWE(s)
CWE-120

Affected Products

telesquare tlr-2005ksh firmware, version 1.1.4

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

The CVE describes a remote unauthenticated stack overflow in the public-facing login interface (systemtil.cgi) of a network device, directly enabling exploitation of a public-facing application for code execution and full system compromise.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0
