CVE-2025-26001
Published: 26 March 2025
Summary
CVE-2025-26001 is a high-severity Exposure of Sensitive Information to an Unauthorized Actor (CWE-200) vulnerability in Telesquare Tlr-2005Ksh Firmware. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 32.5% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AU-13 (Monitoring for Information Disclosure).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Enforces approved authorizations to block unauthorized access to sensitive credentials exposed via the getUserNamePassword parameter.
Monitors for unauthorized retrieval of information such as usernames and passwords disclosed through the vulnerable endpoint.
Filters or sanitizes sensitive information in system outputs to prevent disclosure in responses to unauthenticated requests targeting the getUserNamePassword parameter.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The vulnerability is an unauthenticated remote information disclosure in a public-facing network device management interface (getUserNamePassword parameter), directly enabling T1190 Exploit Public-Facing Application; the impact of retrieving stored usernames/passwords facilitates T1552 Unsecured Credentials.
NVD Description
Telesquare TLR-2005KSH 1.1.4 is vulnerable to Information Disclosure via the parameter getUserNamePassword.
Deeper analysisAI
CVE-2025-26001 affects Telesquare TLR-2005KSH version 1.1.4, where the device is vulnerable to information disclosure through the getUserNamePassword parameter. Classified under CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor), this flaw allows unauthorized access to sensitive credentials. The vulnerability received a CVSS v3.1 base score of 7.5 (High), reflecting its network accessibility, low attack complexity, lack of required privileges or user interaction, unchanged scope, high confidentiality impact, and no impact on integrity or availability.
A remote attacker requires no authentication or privileges to exploit this vulnerability over the network with low complexity and no user interaction. By crafting a request targeting the getUserNamePassword parameter, the attacker can retrieve usernames and passwords stored on the device, potentially enabling further unauthorized access, lateral movement, or privilege escalation within the affected environment.
Further technical details, including potential exploitation methods, are documented in the referenced GitHub repositories at https://github.com/Fan-24/Digging/blob/main/1/1.md and https://github.com/Fan-24/Digging/tree/main/1. No specific patch or mitigation guidance is detailed in the primary CVE information.
Details
- CWE(s)