CVE-2025-26011

Critical

Published: 26 March 2025

Published

26 March 2025

Modified

01 April 2025

KEV Added

—

Patch

—

CVSS Score 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0041 61.6th percentile

Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Description

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

Security Summary

CVE-2025-26011 is an unauthorized stack overflow vulnerability in the Telesquare TLR-2005KSH router running version 1.1.4. The flaw is triggered when the device processes a request to the admin.cgi parameter using the setUsernamePassword function, leading to a buffer overflow condition classified under CWE-120.

The vulnerability carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), making it highly severe. Remote, unauthenticated attackers can exploit it over the network with low complexity and no user interaction, potentially achieving high impacts on confidentiality, integrity, and availability through arbitrary code execution or denial of service.

Mitigation details and additional technical analysis are available in the referenced advisory at https://github.com/Fan-24/Digging/blob/main/8/1.md, published on 2025-03-26.

Details

CWE(s): CWE-120

Affected Products

telesquare

tlr-2005ksh firmware

1.1.4

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

Why these techniques?

Remote unauthenticated stack buffer overflow in public-facing admin.cgi web interface directly enables T1190 Exploit Public-Facing Application for RCE/DoS on the network device.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

References

https://github.com/Fan-24/Digging/blob/main/8/1.md
Broken Link · cve@mitre.org