CVE-2025-9603 | Telesquare TLR-2005KSH 1.2.4 internet.cgi?Command=lanCfg Hostname command injection

Inserito da Angelo Barbosa | Ago 28, 2025 | CVE

A vulnerability, which was classified as critical, was found in Telesquare TLR-2005KSH 1.2.4. The affected element is an unknown function of the file /cgi-bin/internet.cgi?Command=lanCfg. Executing manipulation of the argument Hostname can lead to command injection.

This vulnerability appears as CVE-2025-9603. The attack may be performed from a remote location. In addition, an exploit is available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-9603 | Telesquare TLR-2005KSH 1.2.4 internet.cgi?Command=lanCfg Hostname command injection

Post correlati

CVE-2024-7038 | open-webui up to 0.3.8 Admin Setting information disclosure

CVE-2024-52323 | Zoho ManageEngine Analytics Plus up to 6099 information disclosure

CVE-2024-55567 | Insyde InsydeH2O prior 05.47.01/05.55.01/05.62.01/05.71.01 UsbCoreDxe input validation

CVE-2024-4220 | BeyondTrust BeyondInsight up to 23.0 information disclosure