Sign-up

ID

VAR-202204-2035


CVE

CVE-2021-46424


TITLE

Telesquare  of  TLR-2005KSH  Firmware vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2022-008852

DESCRIPTION

Telesquare TLR-2005KSH 1.0.0 is affected by an arbitrary file deletion vulnerability that allows a remote attacker to delete any file, even system internal files, via a DELETE request. Telesquare of TLR-2005KSH There are unspecified vulnerabilities in the firmware.Information is tampered with and service operation is interrupted (DoS) It may be in a state. Telesquare Tlr-2005Ksh is a Sk telecommunications Lte router of South Korea's Telesquare Company

Trust: 2.25

sources: NVD: CVE-2021-46424 // JVNDB: JVNDB-2022-008852 // CNVD: CNVD-2022-61620 // VULMON: CVE-2021-46424

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2022-61620

AFFECTED PRODUCTS

vendor:telesquaremodel:tlr-2005kshscope:eqversion:1.0.0

Trust: 1.6

vendor:telesquaremodel:tlr-2005kshscope:eqversion:tlr-2005ksh firmware 1.0.0

Trust: 0.8

vendor:telesquaremodel:tlr-2005kshscope: - version: -

Trust: 0.8

vendor:telesquaremodel:tlr-2005kshscope:eqversion: -

Trust: 0.8

sources: CNVD: CNVD-2022-61620 // JVNDB: JVNDB-2022-008852 // NVD: CVE-2021-46424

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-46424
value: CRITICAL

Trust: 1.0

NVD: CVE-2021-46424
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2022-61620
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202204-4485
value: CRITICAL

Trust: 0.6

VULMON: CVE-2021-46424
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2021-46424
severity: HIGH
baseScore: 9.4
vectorString: AV:N/AC:L/AU:N/C:N/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 9.2
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2022-61620
severity: HIGH
baseScore: 9.4
vectorString: AV:N/AC:L/AU:N/C:N/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 9.2
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2021-46424
baseSeverity: CRITICAL
baseScore: 9.1
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.2
version: 3.1

Trust: 1.0

NVD: CVE-2021-46424
baseSeverity: CRITICAL
baseScore: 9.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2022-61620 // VULMON: CVE-2021-46424 // JVNDB: JVNDB-2022-008852 // CNNVD: CNNVD-202204-4485 // NVD: CVE-2021-46424

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:Lack of information (CWE-noinfo) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2022-008852 // NVD: CVE-2021-46424

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202204-4485

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202204-4485

EXTERNAL IDS

db:NVDid:CVE-2021-46424

Trust: 3.9

db:PACKETSTORMid:167127

Trust: 2.5

db:JVNDBid:JVNDB-2022-008852

Trust: 0.8

db:CNVDid:CNVD-2022-61620

Trust: 0.6

db:EXPLOIT-DBid:50935

Trust: 0.6

db:CNNVDid:CNNVD-202204-4485

Trust: 0.6

db:VULMONid:CVE-2021-46424

Trust: 0.1

sources: CNVD: CNVD-2022-61620 // VULMON: CVE-2021-46424 // JVNDB: JVNDB-2022-008852 // CNNVD: CNNVD-202204-4485 // NVD: CVE-2021-46424

REFERENCES

url:http://packetstormsecurity.com/files/167127/tlr-2005ksh-arbitrary-file-delete.html

Trust: 3.2

url:https://drive.google.com/drive/folders/1_e3ej8fzhcwnckorpbloyqecukkpr4od?usp=sharing

Trust: 2.5

url:https://nvd.nist.gov/vuln/detail/cve-2021-46424

Trust: 1.4

url:https://www.exploit-db.com/exploits/50935

Trust: 0.6

url:https://cxsecurity.com/cveshow/cve-2021-46424/

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: CNVD: CNVD-2022-61620 // VULMON: CVE-2021-46424 // JVNDB: JVNDB-2022-008852 // CNNVD: CNNVD-202204-4485 // NVD: CVE-2021-46424

SOURCES

db:CNVDid:CNVD-2022-61620
db:VULMONid:CVE-2021-46424
db:JVNDBid:JVNDB-2022-008852
db:CNNVDid:CNNVD-202204-4485
db:NVDid:CVE-2021-46424

LAST UPDATE DATE

2024-11-23T21:58:22.581000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2022-61620date:2022-09-04T00:00:00
db:VULMONid:CVE-2021-46424date:2022-05-12T00:00:00
db:JVNDBid:JVNDB-2022-008852date:2023-07-31T08:22:00
db:CNNVDid:CNNVD-202204-4485date:2022-05-16T00:00:00
db:NVDid:CVE-2021-46424date:2024-11-21T06:34:03.740

SOURCES RELEASE DATE

db:CNVDid:CNVD-2022-61620date:2022-08-29T00:00:00
db:VULMONid:CVE-2021-46424date:2022-04-27T00:00:00
db:JVNDBid:JVNDB-2022-008852date:2023-07-31T00:00:00
db:CNNVDid:CNNVD-202204-4485date:2022-04-27T00:00:00
db:NVDid:CVE-2021-46424date:2022-04-27T13:15:09.287