CVE-2025-26008
Published: 26 March 2025
Summary
CVE-2025-26008 is a critical-severity Classic Buffer Overflow (CWE-120) vulnerability in Telesquare TLR-2005KSH firmware. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 29.1% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
Enforces validation of the setSyncTimeHost parameter in admin.cgi to prevent buffer overflow conditions from crafted HTTP requests.
Implements memory protections like stack canaries, ASLR, and DEP to mitigate exploitation of the stack overflow vulnerability.
Remediates the specific stack overflow flaw in Telesquare TLR-2005KSH firmware 1.1.4 via timely patching or code correction.
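The input-validation control above, sketched as an added example that is not code from the advisory or from the vendor's firmware: a hostname value is checked against a strict allowlist and length limit, then copied only if it fits the destination. The function names, the 64-byte buffer and the accepted character set are assumptions chosen for illustration.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

#define HOST_MAX  253  /* maximum DNS name length in text form */
#define LABEL_MAX 63   /* maximum length of one DNS label */

/* Returns 1 if s is a hostname or dotted IPv4 literal made only of
 * [A-Za-z0-9.-], at most HOST_MAX bytes long; 0 otherwise. */
static int host_is_valid(const char *s)
{
    size_t len, label = 0;
    const char *end;
    if (s == NULL) return 0;
    end = memchr(s, '\0', HOST_MAX + 1);   /* bounded length probe */
    if (end == NULL || end == s) return 0; /* too long, or empty */
    len = (size_t)(end - s);
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)s[i];
        if (c == '.') {
            if (label == 0 || s[i - 1] == '-') return 0; /* empty label / trailing '-' */
            label = 0;
        } else if (isalnum(c) || c == '-') {
            if (c == '-' && label == 0) return 0;        /* leading '-' */
            if (++label > LABEL_MAX) return 0;
        } else {
            return 0;  /* shell metacharacters, whitespace, control bytes, ... */
        }
    }
    return label > 0 && s[len - 1] != '-';
}

/* Copies param into dst (capacity dst_len) only if it is valid and fits.
 * Returns 0 on success, -1 otherwise; dst is left empty on failure. */
static int set_sync_time_host(char *dst, size_t dst_len, const char *param)
{
    size_t n;
    if (dst == NULL || dst_len == 0) return -1;
    dst[0] = '\0';
    if (!host_is_valid(param)) return -1;
    n = strlen(param);
    if (n >= dst_len) return -1;  /* reject instead of truncating or overflowing */
    memcpy(dst, param, n + 1);
    return 0;
}

/* Hypothetical request handler with a fixed-size stack buffer. */
static int handle_request(const char *param)
{
    char host[64];
    return set_sync_time_host(host, sizeof host, param);
}
```
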
MITRE ATT&CK Enterprise Techniques
Why these techniques?
An unauthenticated remote stack overflow in the public-facing admin.cgi web endpoint on the router directly enables T1190 for arbitrary code execution and full compromise.
NVD Description
In Telesquare TLR-2005KSH 1.1.4, an unauthorized stack overflow vulnerability exists when requesting admin.cgi parameter with setSyncTimeHost.
Deeper analysis
CVE-2025-26008 is an unauthorized stack overflow vulnerability (CWE-120) in the Telesquare TLR-2005KSH router running firmware version 1.1.4. The issue arises when processing a request to the admin.cgi endpoint with the setSyncTimeHost parameter, allowing buffer overflow conditions without authentication.
A remote attacker requires no privileges, user interaction, or special access, as indicated by the CVSS 3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). By sending a specially crafted HTTP request to the vulnerable admin.cgi parameter, an unauthenticated attacker over the network can trigger the stack overflow, potentially leading to arbitrary code execution, full system compromise, and high impacts on confidentiality, integrity, and availability.
Mitigation details and additional technical information are available in the referenced advisory at https://github.com/Fan-24/Digging/blob/main/2/1.md.
Details
- CWE(s)