CVE-2025-26010

Name of the Vulnerable Software and Affected Versions Telesquare TLR-2005KSH version 1.1.4

Description The issue allows unauthorized password modification. This can be achieved by requesting the "admin.cgi" parameter with setUserNamePassword.

Recommendations For Telesquare TLR-2005KSH version 1.1.4, as a temporary workaround, consider restricting access to the "admin.cgi" parameter until a patch is available. Avoid using the setUserNamePassword parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.