CVE-2021-45428
Published 2022-01-03
Priority: P178 · Severity: critical, 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploit: available (see the Exploit-DB and Nuclei entries below)
EPSS: 56.93% (98.9th percentile)
TLR-2005KSH is affected by an incorrect access control vulnerability. The PUT method is enabled so an attacker can upload arbitrary files including HTML and CGI formats.
Detection & IOCs (extracted from sources)
- Detect exploitation attempts by monitoring for HTTP PUT requests to the device, which should not normally accept PUT. A successful upload returns HTTP 201.
- Confirm exploitation by checking that the uploaded file is subsequently retrievable via GET (HTTP 200), indicating a successful arbitrary file write.
- Use the Shodan dork to identify exposed TLR-2005KSH devices on the internet as potential targets.
- No authentication is required to exploit this vulnerability; monitor for unauthenticated PUT requests to the device's web interface.
- Alternate Shodan dork for identifying vulnerable devices: title:"Login to TLR-2021"
- The vulnerability affects Telesquare TLR-2005KSH version 1.0.0 specifically; verify the device firmware version before applying detections.
- The exploit proof-of-concept uses a randomized filename (e.g. l6f3jd6cbf.txt); detection rules should not rely on a specific filename but rather on the HTTP PUT method being used against the device.
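The two-step detection described above (flag any PUT, treat a 201 as a stored upload, and confirm the write when the same path is later fetched with GET 200, without keying on the random filename) as an added example; this is not code from the page or from any of the indexed sources. It assumes the device's web requests are logged in Common Log Format, the sample lines are constructed, and the function names are hypothetical.

```python
import re

# Constructed sample access-log lines in Common Log Format (not from the page).
# One client probes with PUT and then fetches what it wrote; another PUT is refused.
SAMPLE_LOG = """\
203.0.113.5 - - [11/May/2022:10:00:01 +0000] "GET /login.cgi HTTP/1.1" 200 1532
203.0.113.9 - - [11/May/2022:10:00:07 +0000] "PUT /l6f3jd6cbf.txt HTTP/1.1" 201 0
203.0.113.9 - - [11/May/2022:10:00:09 +0000] "GET /l6f3jd6cbf.txt HTTP/1.1" 200 26
203.0.113.9 - - [11/May/2022:10:00:12 +0000] "PUT /cgi-bin/test.cgi HTTP/1.1" 201 0
198.51.100.2 - - [11/May/2022:10:01:00 +0000] "PUT /index.html HTTP/1.1" 405 0
"""

# Method, path and status are all the rule needs; the filename is deliberately
# not matched because the PoC randomizes it.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)


def parse_line(line):
    """Parse one CLF line into a dict, or return None when it does not match."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def detect_put_uploads(log_text):
    """Walk the log in order and return three lists of (ip, path):

    attempts  - every PUT seen, whatever the status (the device should accept none)
    uploads   - PUTs answered with 201, i.e. the server stored the request body
    confirmed - uploads whose path was later fetched with GET 200, proving the write
    """
    attempts, uploads, confirmed = [], [], []
    stored = {}  # path -> ip of the PUT that created it, awaiting a GET
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        key = (rec["ip"], rec["path"])
        if rec["method"] == "PUT":
            attempts.append(key)
            if rec["status"] == "201":
                uploads.append(key)
                stored[rec["path"]] = rec["ip"]
        elif rec["method"] == "GET" and rec["status"] == "200" and rec["path"] in stored:
            confirmed.append((stored.pop(rec["path"]), rec["path"]))
    return attempts, uploads, confirmed
```

The PUT at 10:00:12 is stored but never fetched, so it appears in `uploads` but not `confirmed`; a rule that only alerts on the confirmed pair would miss it, which is why the attempt list is also returned.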
CVSS provenance
- NVD, v3.1: 9.8 CRITICAL, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- NVD, v2.0: 7.5 HIGH, AV:N/AC:L/Au:N/C:P/I:P/A:P
No detection rules found.
Exploit-DB
TLR-2005KSH - Arbitrary File Upload (exploitdb · 2022-05-11 · CVSS 9.8 · CVE-2021-45428 [CRITICAL])
---
# Exploit Title: TLR-2005KSH - Arbitrary File Upload
# Date: 2022-05-11
# Shodan Dork: title:"Login to TLR-2021"
# Exploit Author: Ahmed Alroky
# Author Company : Aiactive
# Version: 1.0.0
# Vendor home page : http://telesquare.co.kr/
# Authentication Required: No
# Tested on: Windows
# CVE: CVE-2021-45428
# Vulnerability Description
# Due to WebDAV (Web Distributed Authoring and Versioning) being enabled
# on the remote server, Telesquare TLR-2021 allows unauthorized users to upload
# any file (e.g. asp, aspx, cfm, html, jhtml, jsp, shtml), which causes
# remote code execution as well.
# Due to WebDAV, it is possible to upload an arbitrary
# file utilizing the PUT method.
# Proof-of-Concept
# Request
PUT /l6f3jd6cbf.txt HTTP/1.1
Host: 223.62.114.
Nuclei
Telesquare TLR-2005KSH 1.0.0 - Arbitrary File Upload (nuclei · CVSS 9.8 · CVE-2021-45428 [CRITICAL])
Template:
id: CVE-2021-45428
info:
  name: Telesquare TLR-2005KSH 1.0.0 - Arbitrary File Upload
  author: gy741
  severity: critical
  description: |
    TLR-2005KSH is affected by an incorrect access control vulnerability. The PUT method is enabled so an attacker can upload arbitrary files including HTML and CGI formats.
  impact: |
    Successful exploitation of this vulnerability could result in unauthorized access and data leakage.
  remediation: |
    Apply the latest security patch or update to a version that addresses the arbitrary file upload vulnerability.
  reference:
    - https://drive
No writeups or analysis indexed.
References
- http://packetstormsecurity.com/files/167101/TLR-2005KSH-Arbitrary-File-Upload.html
- https://drive.google.com/file/d/1wM1SPOfB9mH2SES7cAmlysuI9fOpFB3F/view?usp=sharing