CVE-2021-46424
published 2022-04-27


Priority: P273 · critical · 9.1 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
EXPLOIT
EPSS: 36.83% (98.3th percentile)
Telesquare TLR-2005KSH 1.0.0 is affected by an arbitrary file deletion vulnerability that allows a remote attacker to delete any file, even system internal files, via a DELETE request.

Affected

1 range
Vendor | Product | Version range | Fixed in
telesquare | tlr-2005ksh_firmware | |

Detection & IOCs (extracted from sources)

url: DELETE /cgi-bin/test2.txt HTTP/1.1
port: 8083
path: /cgi-bin/test2.txt
path: /images/icons_title.gif
  • Detect unauthenticated HTTP DELETE requests targeting paths on Telesquare TLR-2005KSH devices; a successful exploit returns HTTP 204 on DELETE and HTTP 404 on subsequent GET of the same resource.
  • Fingerprint vulnerable devices via Shodan or FOFA by searching for the device identifier string in HTTP response bodies.
  • No authentication is required to exploit this vulnerability; monitor for HTTP DELETE method usage from external/untrusted sources against this device.
  • The vulnerability allows deletion of any file including system internal files via a DELETE HTTP request; alert on DELETE requests to /cgi-bin/ or /images/ paths on affected devices.
  • The exploit PoC targets a specific test file path (/cgi-bin/test2.txt) and a known static asset (/images/icons_title.gif), but the vulnerability is not limited to these paths; any file on the device can be deleted.
  • The Nuclei template uses a 3-step detection sequence (GET → DELETE → GET) and relies on HTTP status code transitions (200 → 204 → 404) to confirm exploitation; this is a destructive/intrusive check as it actually deletes the target file.
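
The 204-on-DELETE then 404-on-GET transition described above can be checked passively in access logs rather than with a destructive probe. The following is an added example, not taken from the source page or from the Nuclei template; it assumes a reverse proxy or gateway in front of the device writes Common Log Format access logs, and the sample log lines are constructed.

```python
import re

# Common Log Format: client, timestamp, "METHOD path proto", status.
LINE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)

# Constructed sample log (documentation addresses); not captured traffic.
SAMPLE_LOG = """\
198.51.100.7 - - [27/Apr/2022:10:00:01 +0000] "GET /images/icons_title.gif HTTP/1.1" 200 512
198.51.100.7 - - [27/Apr/2022:10:00:02 +0000] "DELETE /images/icons_title.gif HTTP/1.1" 204 0
198.51.100.7 - - [27/Apr/2022:10:00:03 +0000] "GET /images/icons_title.gif HTTP/1.1" 404 0
203.0.113.9 - - [27/Apr/2022:10:05:00 +0000] "DELETE /cgi-bin/test2.txt HTTP/1.1" 405 0
192.0.2.10 - - [27/Apr/2022:10:06:00 +0000] "GET /index.html HTTP/1.1" 200 1024
"""

def find_deletions(log_text):
    """Return one alert per DELETE request that was answered with 204.

    Severity is 'confirmed' when the next GET for the same path returns 404
    (the 204 -> 404 transition), otherwise it stays 'suspected'.
    """
    alerts = []
    pending = {}  # path -> alert still waiting for a follow-up GET
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # ignore lines that are not in the expected format
        method, path, status = m["method"], m["path"], int(m["status"])
        if method == "DELETE" and status == 204:
            alert = {"client": m["client"], "path": path, "ts": m["ts"],
                     "severity": "suspected"}
            alerts.append(alert)
            pending[path] = alert
        elif method == "GET" and path in pending:
            if status == 404:
                pending[path]["severity"] = "confirmed"
            del pending[path]  # the first later GET settles it either way
    return alerts

if __name__ == "__main__":
    for a in find_deletions(SAMPLE_LOG):
        print(a["severity"], a["client"], a["path"], a["ts"])
```

A DELETE that the server rejects (the 405 line in the sample) produces no alert, and a 204 with no later GET for the same path is reported as suspected.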

CVSS provenance

nvd | v3.1 | 9.1 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
nvd | v2.0 | 9.4 | CRITICAL | AV:N/AC:L/Au:N/C:N/I:C/A:C