CVE-2024-29269

Name of the Vulnerable Software and Affected Versions Telesquare TLR-2005Ksh versions 1.0.0 through 1.1.4

Description The issue allows attackers to run arbitrary system commands via the Cmd parameter, potentially leading to data breaches or network compromise. It is estimated that over 40,000 devices may be affected. The vulnerability can be exploited to execute system commands without authorization.

Recommendations For versions 1.0.0 through 1.1.4, as a temporary workaround, consider disabling the use of the Cmd parameter until a patch is available. Restrict access to the vulnerable module to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.