CVE-2025-26009
Published: 26 March 2025
Description
An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture.
Security Summary
CVE-2025-26009, published on 2025-03-26, is an Information Disclosure vulnerability classified under CWE-200, affecting the Telesquare TLR-2005KSH router in version 1.1.4. The flaw occurs when requesting the systemutilit.cgi component, which improperly exposes sensitive information. It carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N), indicating high severity due to significant confidentiality impact.
The vulnerability can be exploited by unauthenticated remote attackers over the network with low attack complexity and no user interaction required. Successful exploitation allows attackers to obtain sensitive system information disclosed by the CGI endpoint, potentially aiding further attacks without impacting integrity or availability.
Advisories and further details are available in the referenced GitHub document at https://github.com/Fan-24/Digging/blob/main/11/1.md.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The unauthenticated remote information disclosure via systemutilit.cgi directly enables retrieval of sensitive system details, mapping to System Information Discovery.