.. / CVE-2024-29269

Exploit for Telesquare TLR-2005KSH 1.0.0, 1.1.4 - Unauthenticated Remote Code Execution (CVE-2024-29269)

Description:

Telesquare Tlr-2005Ksh is a Sk Telecom Lte router from South Korea’s Telesquare company.Telesquare TLR-2005Ksh versions 1.0.0 and 1.1.4 have an unauthorized remote command execution vulnerability. An attacker can exploit this vulnerability to execute system commands without authorization through the Cmd parameter and obtain server permissions.

Proof of Concept

PoC exploit

Nuclei Template

View the template here CVE-2024-29269.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2024/CVE-2024-29269.yaml
Copy

References:

https://nvd.nist.gov/vuln/detail/CVE-2024-29269
https://github.com/wutalent/CVE-2024-29269/blob/main/index.md
https://www.github.com/YongYe-Security/CVE-2024-29269