telesquare CVE Vulnerabilities & Metrics

Focus on telesquare vulnerabilities and metrics.

Last updated: 16 Apr 2025, 22:25 UTC

About telesquare Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with telesquare. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.

For a broader perspective on cybersecurity threats, explore the comprehensive list of CVEs by vendor and product. Stay updated on critical vulnerabilities affecting major software and hardware providers.

Global CVE Overview

Total telesquare CVEs: 19
Earliest CVE date: 21 Jun 2018, 15:29 UTC
Latest CVE date: 26 Mar 2025, 20:15 UTC

Latest CVE reference: CVE-2025-28361

Rolling Stats

30-day Count (Rolling): 12
365-day Count (Rolling): 12

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): 0%
Year Variation (Calendar): 0%

Month Growth Rate (30-day Rolling): 0.0%
Year Growth Rate (365-day Rolling): 0.0%

Monthly CVE Trends (current vs previous Year)

Annual CVE Trends (Last 20 Years)

Critical telesquare CVEs (CVSS ≥ 9) Over 20 Years

CVSS Stats

Average CVSS: 2.81

Max CVSS: 10.0

Critical CVEs (≥9): 3

CVSS Range vs. Count

Range	Count
0.0-3.9	12
4.0-6.9	3
7.0-8.9	1
9.0-10.0	3

CVSS Distribution Chart

Top 5 Highest CVSS telesquare CVEs

These are the five CVEs with the highest CVSS scores for telesquare, sorted by severity first and recency.

CVE-2021-46422 telesquare Published on 27 Apr 2022, 13:15 UTC (CVSS: 10.0)
Telesquare SDT-CW3B1 1.1.0 is affected by an OS command injection vulnerability that allows a remote attacker to execute OS commands without any authentication.
CVE-2018-12526 telesquare Published on 21 Jun 2018, 15:29 UTC (CVSS: 10.0)
Telesquare SDT-CS3B1 and SDT-CW3B1 devices through 1.2.0 have a default factory account. Remote attackers can obtain access to the device via TELNET using a hardcoded account.
CVE-2021-46424 telesquare Published on 27 Apr 2022, 13:15 UTC (CVSS: 9.4)
Telesquare TLR-2005KSH 1.0.0 is affected by an arbitrary file deletion vulnerability that allows a remote attacker to delete any file, even system internal files, via a DELETE request.
CVE-2021-45428 telesquare Published on 03 Jan 2022, 14:15 UTC (CVSS: 7.5)
TLR-2005KSH is affected by an incorrect access control vulnerability. THe PUT method is enabled so an attacker can upload arbitrary files including HTML and CGI formats.
CVE-2021-46419 telesquare Published on 07 Apr 2022, 12:15 UTC (CVSS: 6.4)
An unauthorized file deletion vulnerability in Telesquare TLR-2855KS6 via DELETE method can allow deletion of system files and scripts.

All CVEs for telesquare

CVE-2025-28361 telesquare vulnerability CVSS: 0 26 Mar 2025, 20:15 UTC

Unauthorized stack overflow vulnerability in Telesquare TLR-2005KSH v.1.1.4 allows a remote attacker to obtain sensitive information via the systemutil.cgi component.

CVE-2025-26011 telesquare vulnerability CVSS: 0 26 Mar 2025, 20:15 UTC

Telesquare TLR-2005KSH 1.1.4 has an unauthorized stack overflow vulnerability when requesting the admin.cgi parameter with setUsernamePassword.

CVE-2025-26010 telesquare vulnerability CVSS: 0 26 Mar 2025, 20:15 UTC

Telesquare TLR-2005KSH 1.1.4 allows unauthorized password modification when requesting the admin.cgi parameter with setUserNamePassword.

CVE-2025-26009 telesquare vulnerability CVSS: 0 26 Mar 2025, 20:15 UTC

Telesquare TLR-2005KSH 1.1.4 has an Information Disclosure vulnerability when requesting systemutilit.cgi.

CVE-2025-26008 telesquare vulnerability CVSS: 0 26 Mar 2025, 20:15 UTC

In Telesquare TLR-2005KSH 1.1.4, an unauthorized stack overflow vulnerability exists when requesting admin.cgi parameter with setSyncTimeHost.

CVE-2025-26007 telesquare vulnerability CVSS: 0 26 Mar 2025, 20:15 UTC

Telesquare TLR-2005KSH 1.1.4 has an unauthorized stack overflow vulnerability in the login interface when requesting systemtil.cgi.

CVE-2025-26006 telesquare vulnerability CVSS: 0 26 Mar 2025, 20:15 UTC

Telesquare TLR-2005KSH 1.1.4 has an unauthorized stack overflow vulnerability when requesting the admin.cgi parameter with setAutorest.

CVE-2025-26005 telesquare vulnerability CVSS: 0 26 Mar 2025, 20:15 UTC

Telesquare TLR-2005KSH 1.1.4 is vulnerable to unauthorized stack overflow vulnerability when requesting admin.cgi parameter with setNtp.

CVE-2025-26004 telesquare vulnerability CVSS: 0 26 Mar 2025, 19:15 UTC

Telesquare TLR-2005KSH 1.1.4 is vulnerable to unauthorized stack buffer overflow vulnerability when requesting admin.cgi parameter with setDdns.

CVE-2025-26003 telesquare vulnerability CVSS: 0 26 Mar 2025, 19:15 UTC

Telesquare TLR-2005KSH 1.1.4 is affected by an unauthorized command execution vulnerability when requesting the admin.cgi parameter with setAutorest.

CVE-2025-26002 telesquare vulnerability CVSS: 0 26 Mar 2025, 19:15 UTC

Telesquare TLR-2005KSH 1.1.4 is affected by an unauthorized stack overflow vulnerability when requesting the admin.cgi parameter with setSyncTimeHost.

CVE-2025-26001 telesquare vulnerability CVSS: 0 26 Mar 2025, 19:15 UTC

Telesquare TLR-2005KSH 1.1.4 is vulnerable to Information Disclosure via the parameter getUserNamePassword.

CVE-2021-46424 telesquare vulnerability CVSS: 9.4 27 Apr 2022, 13:15 UTC

Telesquare TLR-2005KSH 1.0.0 is affected by an arbitrary file deletion vulnerability that allows a remote attacker to delete any file, even system internal files, via a DELETE request.

CVE-2021-46423 telesquare vulnerability CVSS: 5.0 27 Apr 2022, 13:15 UTC

Telesquare TLR-2005KSH 1.0.0 is affected by an unauthenticated file download vulnerability that allows a remote attacker to download a full configuration file.

CVE-2021-46422 telesquare vulnerability CVSS: 10.0 27 Apr 2022, 13:15 UTC

Telesquare SDT-CW3B1 1.1.0 is affected by an OS command injection vulnerability that allows a remote attacker to execute OS commands without any authentication.

CVE-2021-46419 telesquare vulnerability CVSS: 6.4 07 Apr 2022, 12:15 UTC

An unauthorized file deletion vulnerability in Telesquare TLR-2855KS6 via DELETE method can allow deletion of system files and scripts.

CVE-2021-46418 telesquare vulnerability CVSS: 5.0 07 Apr 2022, 12:15 UTC

An unauthorized file creation vulnerability in Telesquare TLR-2855KS6 via PUT method can allow creation of CGI scripts.

CVE-2021-45428 telesquare vulnerability CVSS: 7.5 03 Jan 2022, 14:15 UTC

TLR-2005KSH is affected by an incorrect access control vulnerability. THe PUT method is enabled so an attacker can upload arbitrary files including HTML and CGI formats.

CVE-2018-12526 telesquare vulnerability CVSS: 10.0 21 Jun 2018, 15:29 UTC

Telesquare SDT-CS3B1 and SDT-CW3B1 devices through 1.2.0 have a default factory account. Remote attackers can obtain access to the device via TELNET using a hardcoded account.