Sign-up

ID

VAR-202201-0155


CVE

CVE-2021-45428


TITLE

TLR-2005KSH  Vulnerability in user-controlled key authentication evasion in

Trust: 0.8

sources: JVNDB: JVNDB-2022-002856

DESCRIPTION

TLR-2005KSH is affected by an incorrect access control vulnerability. THe PUT method is enabled so an attacker can upload arbitrary files including HTML and CGI formats. TLR-2005KSH Exists in a user-controlled key authentication evasion vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Telesquare Tlr-2005Ksh is a Sk telecommunications Lte router of South Korea's Telesquare Company

Trust: 2.25

sources: NVD: CVE-2021-45428 // JVNDB: JVNDB-2022-002856 // CNVD: CNVD-2022-04552 // VULMON: CVE-2021-45428

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2022-04552

AFFECTED PRODUCTS

vendor:telesquaremodel:tlr-2005kshscope:eqversion: -

Trust: 1.8

vendor:telesquaremodel:tlr-2005kshscope: - version: -

Trust: 1.4

vendor:telesquaremodel:tlr-2005kshscope:eqversion:tlr-2005ksh firmware

Trust: 0.8

sources: CNVD: CNVD-2022-04552 // JVNDB: JVNDB-2022-002856 // NVD: CVE-2021-45428

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-45428
value: CRITICAL

Trust: 1.0

NVD: CVE-2021-45428
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2022-04552
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202201-074
value: CRITICAL

Trust: 0.6

VULMON: CVE-2021-45428
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2021-45428
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2022-04552
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2021-45428
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2021-45428
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2022-04552 // VULMON: CVE-2021-45428 // JVNDB: JVNDB-2022-002856 // CNNVD: CNNVD-202201-074 // NVD: CVE-2021-45428

PROBLEMTYPE DATA

problemtype:CWE-639

Trust: 1.0

problemtype:Avoid authentication with user-controlled keys (CWE-639) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2022-002856 // NVD: CVE-2021-45428

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202201-074

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202201-074

PATCH

title:Top Pageurl:http://en.telesquare.co.kr/

Trust: 0.8

title:Patch for Telesquare TLR-2005KSH Access Control Error Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/314156

Trust: 0.6

title:Telesquare TLR-2005KSH Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=176742

Trust: 0.6

title:Kenzer Templates [5170] [DEPRECATED]url:https://github.com/ARPSyndicate/kenzer-templates

Trust: 0.1

sources: CNVD: CNVD-2022-04552 // VULMON: CVE-2021-45428 // JVNDB: JVNDB-2022-002856 // CNNVD: CNNVD-202201-074

EXTERNAL IDS

db:NVDid:CVE-2021-45428

Trust: 3.9

db:PACKETSTORMid:167101

Trust: 2.5

db:JVNDBid:JVNDB-2022-002856

Trust: 0.8

db:CNVDid:CNVD-2022-04552

Trust: 0.6

db:EXPLOIT-DBid:50931

Trust: 0.6

db:CNNVDid:CNNVD-202201-074

Trust: 0.6

db:VULMONid:CVE-2021-45428

Trust: 0.1

sources: CNVD: CNVD-2022-04552 // VULMON: CVE-2021-45428 // JVNDB: JVNDB-2022-002856 // CNNVD: CNNVD-202201-074 // NVD: CVE-2021-45428

REFERENCES

url:https://drive.google.com/file/d/1wm1spofb9mh2ses7camlysui9fopfb3f/view?usp=sharing

Trust: 3.1

url:http://packetstormsecurity.com/files/167101/tlr-2005ksh-arbitrary-file-upload.html

Trust: 3.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-45428

Trust: 1.4

url:https://www.exploit-db.com/exploits/50931

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/639.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://github.com/arpsyndicate/kenzer-templates

Trust: 0.1

sources: CNVD: CNVD-2022-04552 // VULMON: CVE-2021-45428 // JVNDB: JVNDB-2022-002856 // CNNVD: CNNVD-202201-074 // NVD: CVE-2021-45428

SOURCES

db:CNVDid:CNVD-2022-04552
db:VULMONid:CVE-2021-45428
db:JVNDBid:JVNDB-2022-002856
db:CNNVDid:CNNVD-202201-074
db:NVDid:CVE-2021-45428

LAST UPDATE DATE

2024-11-23T22:32:58.106000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2022-04552date:2022-01-18T00:00:00
db:VULMONid:CVE-2021-45428date:2022-05-12T00:00:00
db:JVNDBid:JVNDB-2022-002856date:2023-01-17T07:28:00
db:CNNVDid:CNNVD-202201-074date:2022-05-12T00:00:00
db:NVDid:CVE-2021-45428date:2024-11-21T06:32:12.290

SOURCES RELEASE DATE

db:CNVDid:CNVD-2022-04552date:2022-01-18T00:00:00
db:VULMONid:CVE-2021-45428date:2022-01-03T00:00:00
db:JVNDBid:JVNDB-2022-002856date:2023-01-17T00:00:00
db:CNNVDid:CNNVD-202201-074date:2022-01-03T00:00:00
db:NVDid:CVE-2021-45428date:2022-01-03T14:15:07.693