CVE-2025-28361

7.5 HIGH

📋 TL;DR

A buffer overflow vulnerability in Telesquare TLR-2005KSH routers allows remote attackers to read sensitive information from memory via the systemutil.cgi component. This affects organizations using Telesquare TLR-2005KSH routers version 1.1.4, potentially exposing credentials, configuration data, or other sensitive information.

💻 Affected Systems

Products:
  • Telesquare TLR-2005KSH
Versions: v1.1.4
Operating Systems: Embedded Linux
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the web management interface accessible on default ports.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote attacker gains full system access, extracts all configuration data including admin credentials, and pivots to internal networks.

🟠 Likely Case: Remote attacker reads sensitive memory contents including partial credentials, session tokens, or configuration details.

🟢 If Mitigated: Information disclosure limited to non-sensitive memory regions with proper network segmentation and access controls.

🌐 Internet-Facing: HIGH - The vulnerability is remotely exploitable via web interface component.
🏢 Internal Only: MEDIUM - Internal attackers could exploit this to escalate privileges or gather sensitive information.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires understanding of buffer overflow techniques and memory layout.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Version after v1.1.4

Vendor Advisory: Not provided in references

Restart Required: No

Instructions:

1. Contact Telesquare for updated firmware.
2. Download the latest firmware from the vendor portal.
3. Upload the firmware via the web interface.
4. Apply the update and verify the version.

🔧 Temporary Workarounds

Disable web management interface (applies to: all)

Prevent remote access to the vulnerable component by disabling the web interface:
  • Access the router CLI via SSH/Telnet
  • Disable the web interface service
  • Verify the service is stopped

Network segmentation (applies to: all)

Restrict access to the router management interface using firewall rules:
  • Configure the firewall to allow only trusted IPs to reach port 80/443
  • Implement VLAN segmentation

🧯 If You Can't Patch

  • Implement strict network access controls to limit exposure
  • Monitor for unusual access patterns to systemutil.cgi endpoint

🔍 How to Verify

Check if Vulnerable:

Check router web interface version at /cgi-bin/systemutil.cgi or admin panel

Check Version:

curl -k 'https://[router-ip]/cgi-bin/systemutil.cgi?action=version'

Verify Fix Applied:

Verify firmware version is updated beyond v1.1.4 in admin interface

📡 Detection & Monitoring

Log Indicators:

  • Multiple requests to /cgi-bin/systemutil.cgi with large payloads
  • Memory error messages in system logs

Network Indicators:

  • Unusual traffic patterns to router management interface
  • Large POST requests to systemutil.cgi endpoint

SIEM Query:

source="router_logs" AND uri="/cgi-bin/systemutil.cgi" AND size>1000
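The log indicators and SIEM rule above, turned into a small offline check (an added example, not part of the advisory or of any Telesquare tooling): it parses constructed access-log lines in a common-log-style format extended with the request length, flags hits on systemutil.cgi that are oversized or come from outside an assumed management allowlist, and counts offending sources.

```python
import re
from collections import Counter

# Constructed sample lines (not real router logs): common log format plus a
# trailing request-length field, as nginx's $request_length would provide.
SAMPLE_LOG = """\
203.0.113.7 - - [12/May/2025:10:01:02 +0000] "GET /cgi-bin/systemutil.cgi?action=version HTTP/1.1" 200 312 188
203.0.113.7 - - [12/May/2025:10:01:05 +0000] "POST /cgi-bin/systemutil.cgi HTTP/1.1" 200 512 4210
203.0.113.7 - - [12/May/2025:10:01:06 +0000] "POST /cgi-bin/systemutil.cgi HTTP/1.1" 500 0 6044
192.168.1.10 - - [12/May/2025:10:02:00 +0000] "GET /index.html HTTP/1.1" 200 2048 210
192.168.1.10 - - [12/May/2025:10:02:30 +0000] "POST /cgi-bin/systemutil.cgi HTTP/1.1" 200 128 640
"""

LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<resp_bytes>\d+) (?P<req_bytes>\d+)$'
)

TARGET_PATH = "/cgi-bin/systemutil.cgi"
SIZE_THRESHOLD = 1000              # mirrors the advisory's size>1000 SIEM rule
TRUSTED_SOURCES = {"192.168.1.10"}  # assumed management allowlist (hypothetical)


def parse_line(line):
    """Parse one log line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["path"] = rec["uri"].split("?", 1)[0]  # drop the query string
    for key in ("status", "resp_bytes", "req_bytes"):
        rec[key] = int(rec[key])
    return rec


def find_suspicious(log_text, threshold=SIZE_THRESHOLD, trusted=TRUSTED_SOURCES):
    """Return systemutil.cgi requests that are oversized or from untrusted sources."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["path"] != TARGET_PATH:
            continue
        reasons = []
        if rec["req_bytes"] > threshold:
            reasons.append("oversized request")
        if rec["src"] not in trusted:
            reasons.append("untrusted source")
        if reasons:
            rec["reasons"] = reasons
            hits.append(rec)
    return hits


def sources_by_hits(hits):
    """Count flagged requests per source address for triage."""
    return Counter(h["src"] for h in hits)
```

Note that the size field in a standard combined log is the response size, so the size>1000 rule only measures request bodies if the log format records the request length as shown here.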
