CVERadar

CVE-2024-29269

Medium Severity
SVRS: 36/100
CVSSv3: NA/10
EPSS: 0.92979/1

CVE-2024-29269 is a command injection vulnerability in Telesquare TLR-2005Ksh devices. It allows remote attackers to execute arbitrary system commands by exploiting the Cmd parameter in versions 1.0.0 and 1.1.4. With a SOCRadar Vulnerability Risk Score (SVRS) of 36, this vulnerability is currently not considered critical, but it still poses a security risk. Although the CVSS score is 0, indicating minimal impact according to that system, active exploits are available, increasing the potential for malicious use. This means threat actors can potentially gain unauthorized access and control of affected systems. Immediate patching may not be required, but close monitoring and awareness are advised to prevent exploitation and maintain system security. The vulnerability can lead to significant compromise, including data breaches and system disruption.

In The Wild
Exploit Available
2024-04-10

2024-08-27
SOCRadar
AI Insight

Description

CVE-2024-29269 is a vulnerability in Telesquare TLR-2005Ksh 1.0.0 and 1.1.4 that allows attackers to execute arbitrary system commands via the Cmd parameter. This vulnerability has a CVSS score of 0, indicating a low severity. However, SOCRadar's SVRS assigns it a score of 50, indicating a moderate risk.

Key Insights

  • Active Exploits: Active exploits have been published for this vulnerability, making it a high priority for patching.
  • In the Wild: This vulnerability is actively exploited by hackers, making it critical to take immediate action.
  • Threat Actors: No specific threat actors or APT groups have been identified as actively exploiting this vulnerability.
  • CISA Warning: The Cybersecurity and Infrastructure Security Agency (CISA) has not issued a warning for this vulnerability.

Mitigation Strategies

  • Apply Patches: Install the latest security patches from Telesquare as soon as possible.
  • Disable the Affected Feature: If patching is not immediately possible, disable the Cmd parameter to mitigate the risk.
  • Use a Web Application Firewall (WAF): Implement a WAF to block malicious requests that attempt to exploit this vulnerability.
  • Monitor for Suspicious Activity: Regularly monitor logs and network traffic for any suspicious activity that may indicate an exploit attempt.

Additional Information

If users have additional queries regarding this incident, they can use the 'Ask to Analyst' feature, contact SOCRadar directly, or open a support ticket for more information if necessary.

Indicators of Compromise

No IOCs found for this CVE

Exploits

Title | Software Link | Date
K3ysTr0K3R/CVE-2024-29269-EXPLOIT | https://github.com/K3ysTr0K3R/CVE-2024-29269-EXPLOIT | 2024-07-01
YongYe-Security/CVE-2024-29269 | https://github.com/YongYe-Security/CVE-2024-29269 | 2024-04-12

News

No news found for this CVE

Social Media

CVE-2024-29269 allows unauthenticated #RCE on Telesquare TLR-2005Ksh routers (vers 1.0.0 & 1.1.4). Censys identified 3.3K exposed instances, all in 🇰🇷 South Korea. Devices with 5745-byte HTTP headers may be vulnerable. No patch yet. https://t.co/lWUR9gO6Bn #CensysRapidResponse
PoC Releases for Unauthorized RCE Flaw (CVE-2024-29269) Threatens 40K+ Telesquare Routers https://t.co/Er5nN7JHBT
PoC Releases for Unauthorized RCE Flaw (CVE-2024-29269) Threatens 40K+ Telesquare Routers https://t.co/bVWPjq1oEl
PoC Releases for Unauthorized RCE Flaw (CVE-2024-29269) Threatens 40K+ Telesquare Routers https://t.co/5XsQn8Sel8

Affected Software

No affected software found for this CVE

References

Reference | Link
[email protected] | https://github.com/wutalent/CVE-2024-29269/blob/main/index.md

CWE Details

CWE ID | CWE Name | Description
CWE-77 | Improper Neutralization of Special Elements used in a Command ('Command Injection') | The software constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.
