Vendor CVEs
Telesquare
All CVEs
24 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-20224 | Cri | 0.64 | 9.8 | 0.01 | Mar 16, 2026 | Telesquare SKT LTE Router SDT-CS3B1 version 1.2.0 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious content by exploiting enabled WebDAV HTTP methods. Attackers can use PUT, DELETE, MKCOL, MOVE, COPY, and PROPPATCH methods… | ||
| CVE-2017-20223 | Cri | 0.64 | 9.8 | 0.01 | Mar 16, 2026 | Telesquare SKT LTE Router SDT-CS3B1 firmware version 1.2.0 contains an insecure direct object reference vulnerability that allows attackers to bypass authorization and access resources by manipulating user-supplied input parameters. Attackers can directly reference objects in… | ||
| CVE-2018-12526 | Cri | 0.64 | 9.8 | 0.02 | Jun 21, 2018 | Telesquare SDT-CS3B1 and SDT-CW3B1 devices through 1.2.0 have a default factory account. Remote attackers can obtain access to the device via TELNET using a hardcoded account. | ||
| CVE-2017-20222 | Hig | 0.49 | 7.5 | 0.01 | Mar 16, 2026 | Telesquare SKT LTE Router SDT-CS3B1 software version 1.2.0 contains an unauthenticated remote reboot vulnerability that allows attackers to trigger device reboot without authentication. Attackers can send POST requests to the lte.cgi endpoint with the Command=Reboot parameter to… | ||
| CVE-2025-9603 | Med | 0.41 | 6.3 | 0.08 | Aug 29, 2025 | A vulnerability was determined in Telesquare TLR-2005KSH 1.2.4. The affected element is an unknown function of the file /cgi-bin/internet.cgi?Command=lanCfg. Executing manipulation of the argument Hostname can lead to command injection. The attack may be performed from a remote… | ||
| CVE-2017-20221 | Med | 0.28 | 4.3 | 0.00 | Mar 16, 2026 | Telesquare SKT LTE Router SDT-CS3B1 version 1.2.0 contains a cross-site request forgery vulnerability that allows authenticated attackers to execute arbitrary system commands by exploiting missing request validation. Attackers can craft malicious web pages that perform… | ||
| CVE-2021-46422 | 0.11 | — | 0.95 | Apr 27, 2022 | Telesquare SDT-CW3B1 1.1.0 is affected by an OS command injection vulnerability that allows a remote attacker to execute OS commands without any authentication. | |||
| CVE-2021-46424 | 0.10 | — | 0.37 | Apr 27, 2022 | Telesquare TLR-2005KSH 1.0.0 is affected by an arbitrary file deletion vulnerability that allows a remote attacker to delete any file, even system internal files, via a DELETE request. | |||
| CVE-2021-46419 | 0.10 | — | 0.71 | Apr 7, 2022 | An unauthorized file deletion vulnerability in Telesquare TLR-2855KS6 via DELETE method can allow deletion of system files and scripts. | |||
| CVE-2021-46418 | 0.08 | — | 0.24 | Apr 7, 2022 | An unauthorized file creation vulnerability in Telesquare TLR-2855KS6 via PUT method can allow creation of CGI scripts. | |||
| CVE-2024-29269 | 0.07 | — | 0.06 | Apr 10, 2024 | An issue discovered in Telesquare TLR-2005Ksh 1.0.0 and 1.1.4 allows attackers to run arbitrary system commands via the Cmd parameter. | |||
| CVE-2025-26004 | 0.00 | — | 0.00 | Mar 26, 2025 | Telesquare TLR-2005KSH 1.1.4 is vulnerable to unauthorized stack buffer overflow vulnerability when requesting admin.cgi parameter with setDdns. | |||
| CVE-2025-26002 | 0.00 | — | 0.00 | Mar 26, 2025 | Telesquare TLR-2005KSH 1.1.4 is affected by an unauthorized stack overflow vulnerability when requesting the admin.cgi parameter with setSyncTimeHost. | |||
| CVE-2025-26008 | 0.00 | — | 0.00 | Mar 26, 2025 | In Telesquare TLR-2005KSH 1.1.4, an unauthorized stack overflow vulnerability exists when requesting admin.cgi parameter with setSyncTimeHost. | |||
| CVE-2025-26010 | 0.00 | — | 0.00 | Mar 26, 2025 | Telesquare TLR-2005KSH 1.1.4 allows unauthorized password modification when requesting the admin.cgi parameter with setUserNamePassword. | |||
| CVE-2025-26006 | 0.00 | — | 0.00 | Mar 26, 2025 | Telesquare TLR-2005KSH 1.1.4 has an unauthorized stack overflow vulnerability when requesting the admin.cgi parameter with setAutorest. | |||
| CVE-2025-26001 | 0.00 | — | 0.00 | Mar 26, 2025 | Telesquare TLR-2005KSH 1.1.4 is vulnerable to Information Disclosure via the parameter getUserNamePassword. | |||
| CVE-2025-28361 | 0.00 | — | 0.00 | Mar 26, 2025 | Unauthorized stack overflow vulnerability in Telesquare TLR-2005KSH v.1.1.4 allows a remote attacker to obtain sensitive information via the systemutil.cgi component. | |||
| CVE-2025-26007 | 0.00 | — | 0.00 | Mar 26, 2025 | Telesquare TLR-2005KSH 1.1.4 has an unauthorized stack overflow vulnerability in the login interface when requesting systemtil.cgi. | |||
| CVE-2025-26005 | 0.00 | — | 0.00 | Mar 26, 2025 | Telesquare TLR-2005KSH 1.1.4 is vulnerable to unauthorized stack overflow vulnerability when requesting admin.cgi parameter with setNtp. | |||
| CVE-2025-26003 | 0.00 | — | 0.01 | Mar 26, 2025 | Telesquare TLR-2005KSH 1.1.4 is affected by an unauthorized command execution vulnerability when requesting the admin.cgi parameter with setAutorest. | |||
| CVE-2025-26009 | 0.00 | — | 0.00 | Mar 26, 2025 | Telesquare TLR-2005KSH 1.1.4 has an Information Disclosure vulnerability when requesting systemutilit.cgi. | |||
| CVE-2025-26011 | 0.00 | — | 0.00 | Mar 26, 2025 | Telesquare TLR-2005KSH 1.1.4 has an unauthorized stack overflow vulnerability when requesting the admin.cgi parameter with setUsernamePassword. | |||
| CVE-2021-46423 | 0.00 | — | 0.01 | Apr 27, 2022 | Telesquare TLR-2005KSH 1.0.0 is affected by an unauthenticated file download vulnerability that allows a remote attacker to download a full configuration file. |
- risk 0.64cvss 9.8epss 0.01
Telesquare SKT LTE Router SDT-CS3B1 version 1.2.0 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious content by exploiting enabled WebDAV HTTP methods. Attackers can use PUT, DELETE, MKCOL, MOVE, COPY, and PROPPATCH methods…
- risk 0.64cvss 9.8epss 0.01
Telesquare SKT LTE Router SDT-CS3B1 firmware version 1.2.0 contains an insecure direct object reference vulnerability that allows attackers to bypass authorization and access resources by manipulating user-supplied input parameters. Attackers can directly reference objects in…
- risk 0.64cvss 9.8epss 0.02
Telesquare SDT-CS3B1 and SDT-CW3B1 devices through 1.2.0 have a default factory account. Remote attackers can obtain access to the device via TELNET using a hardcoded account.
- risk 0.49cvss 7.5epss 0.01
Telesquare SKT LTE Router SDT-CS3B1 software version 1.2.0 contains an unauthenticated remote reboot vulnerability that allows attackers to trigger device reboot without authentication. Attackers can send POST requests to the lte.cgi endpoint with the Command=Reboot parameter to…
- risk 0.41cvss 6.3epss 0.08
A vulnerability was determined in Telesquare TLR-2005KSH 1.2.4. The affected element is an unknown function of the file /cgi-bin/internet.cgi?Command=lanCfg. Executing manipulation of the argument Hostname can lead to command injection. The attack may be performed from a remote…
- risk 0.28cvss 4.3epss 0.00
Telesquare SKT LTE Router SDT-CS3B1 version 1.2.0 contains a cross-site request forgery vulnerability that allows authenticated attackers to execute arbitrary system commands by exploiting missing request validation. Attackers can craft malicious web pages that perform…
- CVE-2021-46422Apr 27, 2022risk 0.11cvss —epss 0.95
Telesquare SDT-CW3B1 1.1.0 is affected by an OS command injection vulnerability that allows a remote attacker to execute OS commands without any authentication.
- CVE-2021-46424Apr 27, 2022risk 0.10cvss —epss 0.37
Telesquare TLR-2005KSH 1.0.0 is affected by an arbitrary file deletion vulnerability that allows a remote attacker to delete any file, even system internal files, via a DELETE request.
- CVE-2021-46419Apr 7, 2022risk 0.10cvss —epss 0.71
An unauthorized file deletion vulnerability in Telesquare TLR-2855KS6 via DELETE method can allow deletion of system files and scripts.
- CVE-2021-46418Apr 7, 2022risk 0.08cvss —epss 0.24
An unauthorized file creation vulnerability in Telesquare TLR-2855KS6 via PUT method can allow creation of CGI scripts.
- CVE-2024-29269Apr 10, 2024risk 0.07cvss —epss 0.06
An issue discovered in Telesquare TLR-2005Ksh 1.0.0 and 1.1.4 allows attackers to run arbitrary system commands via the Cmd parameter.
- CVE-2025-26004Mar 26, 2025risk 0.00cvss —epss 0.00
Telesquare TLR-2005KSH 1.1.4 is vulnerable to unauthorized stack buffer overflow vulnerability when requesting admin.cgi parameter with setDdns.
- CVE-2025-26002Mar 26, 2025risk 0.00cvss —epss 0.00
Telesquare TLR-2005KSH 1.1.4 is affected by an unauthorized stack overflow vulnerability when requesting the admin.cgi parameter with setSyncTimeHost.
- CVE-2025-26008Mar 26, 2025risk 0.00cvss —epss 0.00
In Telesquare TLR-2005KSH 1.1.4, an unauthorized stack overflow vulnerability exists when requesting admin.cgi parameter with setSyncTimeHost.
- CVE-2025-26010Mar 26, 2025risk 0.00cvss —epss 0.00
Telesquare TLR-2005KSH 1.1.4 allows unauthorized password modification when requesting the admin.cgi parameter with setUserNamePassword.
- CVE-2025-26006Mar 26, 2025risk 0.00cvss —epss 0.00
Telesquare TLR-2005KSH 1.1.4 has an unauthorized stack overflow vulnerability when requesting the admin.cgi parameter with setAutorest.
- CVE-2025-26001Mar 26, 2025risk 0.00cvss —epss 0.00
Telesquare TLR-2005KSH 1.1.4 is vulnerable to Information Disclosure via the parameter getUserNamePassword.
- CVE-2025-28361Mar 26, 2025risk 0.00cvss —epss 0.00
Unauthorized stack overflow vulnerability in Telesquare TLR-2005KSH v.1.1.4 allows a remote attacker to obtain sensitive information via the systemutil.cgi component.
- CVE-2025-26007Mar 26, 2025risk 0.00cvss —epss 0.00
Telesquare TLR-2005KSH 1.1.4 has an unauthorized stack overflow vulnerability in the login interface when requesting systemtil.cgi.
- CVE-2025-26005Mar 26, 2025risk 0.00cvss —epss 0.00
Telesquare TLR-2005KSH 1.1.4 is vulnerable to unauthorized stack overflow vulnerability when requesting admin.cgi parameter with setNtp.
- CVE-2025-26003Mar 26, 2025risk 0.00cvss —epss 0.01
Telesquare TLR-2005KSH 1.1.4 is affected by an unauthorized command execution vulnerability when requesting the admin.cgi parameter with setAutorest.
- CVE-2025-26009Mar 26, 2025risk 0.00cvss —epss 0.00
Telesquare TLR-2005KSH 1.1.4 has an Information Disclosure vulnerability when requesting systemutilit.cgi.
- CVE-2025-26011Mar 26, 2025risk 0.00cvss —epss 0.00
Telesquare TLR-2005KSH 1.1.4 has an unauthorized stack overflow vulnerability when requesting the admin.cgi parameter with setUsernamePassword.
- CVE-2021-46423Apr 27, 2022risk 0.00cvss —epss 0.01
Telesquare TLR-2005KSH 1.0.0 is affected by an unauthenticated file download vulnerability that allows a remote attacker to download a full configuration file.