CVE-2025-28361
Published: 26 March 2025
Summary
CVE-2025-28361 is a high-severity Classic Buffer Overflow (CWE-120) vulnerability in Telesquare Tlr-2005Ksh Firmware. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 29.6% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly remediates the stack overflow vulnerability in systemutil.cgi by identifying, testing, and installing patches or fixes for the specific CVE.
Enforces input validation on requests to the systemutil.cgi component to prevent buffer overflows from malformed data causing sensitive information disclosure.
Implements memory protections such as stack canaries, ASLR, and DEP to mitigate exploitation of the stack overflow even if input validation fails.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The CVE describes a remote unauthenticated stack overflow in a public-facing CGI component (systemutil.cgi) on a network device, directly enabling T1190 (Exploit Public-Facing Application) for initial access and information disclosure. The high confidentiality impact, including potential exposure of credentials and configuration data, also facilitates T1212 (Exploitation for Credential Access).
NVD Description
Unauthorized stack overflow vulnerability in Telesquare TLR-2005KSH v.1.1.4 allows a remote attacker to obtain sensitive information via the systemutil.cgi component.
Deeper analysisAI
CVE-2025-28361 is an unauthorized stack overflow vulnerability (CWE-120) affecting Telesquare TLR-2005KSH version 1.1.4. The flaw resides in the systemutil.cgi component, enabling remote attackers to obtain sensitive information. Published on 2025-03-26, it carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N), indicating high confidentiality impact with no effects on integrity or availability.
A remote attacker requires no privileges or user interaction to exploit this vulnerability over the network with low complexity. Successful exploitation allows disclosure of sensitive information stored on the affected device, potentially exposing configuration data, credentials, or other proprietary details hosted by the Telesquare TLR-2005KSH router.
Advisories reference a GitHub repository at https://github.com/wyq-zzu/excavate/blob/main/2/1.md, which may provide additional technical details, though no specific patches or mitigation steps are detailed in available information.
Details
- CWE(s)